New P2P Botnets Classification And Detection Framework


Bibliographic Details
Main Author: Abdullah, Raihana Syahirah
Format: Thesis
Language: English
Published: 2016
Subjects: T Technology (General)
Online Access: http://eprints.utem.edu.my/id/eprint/18573/1/New%20P2P%20Botnets%20Classification%20And%20Detection%20Framework%2024%20Pages.pdf
http://eprints.utem.edu.my/id/eprint/18573/2/New%20P2P%20Botnets%20Classification%20And%20Detection%20Framework.pdf
institution Universiti Teknikal Malaysia Melaka
collection UTeM Repository
advisor Abdollah, Mohd Faizal

topic T Technology (General)
description Botnets are a tool for high-profile cyber-attacks. A botnet is a collection of compromised computers infected with advanced malware that allows an attacker to control them remotely. Some botnets use Peer-to-Peer (P2P) protocols and P2P technology to control computers and exploit users; these are known as P2P botnets. The combination of botnets and P2P technology makes them more powerful and more resistant to detection. The latest P2P botnets have caused crisis and chaos in network security. To deal with this issue, a framework is needed to illustrate and explain the modules, terminology and procedures that are essential parts of implementing detection. However, current P2P botnet detection frameworks are still not comprehensive enough to recognise the emergence of the latest P2P botnets, which cause financial loss and data damage to organisational networks. Previous frameworks are incomplete and contain many limitations that require improvement. A lower detection rate and a higher false-alarm rate increase the failure of botnet detection; hence a high false-alarm rate significantly reduces the effectiveness of detection. Given the difficulty of identifying P2P botnet activities, the main objective of this research is to enhance the P2P botnet detection framework using an integrated approach. A complete analysis flow is performed to detect and classify P2P botnets by adopting an integrated analyser and integrated analysis. Besides developing a new framework, the research classifies the behaviour of P2P botnets in order to differentiate normal P2P traffic from P2P botnet traffic. Through this classification, the research introduces a generic P2P attack pattern and a P2P behavioural model. Both the generic P2P attack pattern and the P2P behavioural model are then applied to develop the integrated approach that is used to validate the new P2P botnet detection framework.
In evaluation and validation, the results showed that the new P2P botnet detection framework effectively achieves high accuracy, high detection rates and a lower false-alarm rate. Significantly, the process of finding, identifying, classifying and detecting the P2P botnets was carried out in collaboration with Cyber Security Malaysia. Hence, this research introduces an enhanced framework to detect P2P botnet activities, validated by the integrated approach, that helps the network administrator to identify the existence of P2P botnets.
qualification_name Doctor of Philosophy (PhD.)
qualification_level Doctorate
granting_institution Universiti Teknikal Malaysia Melaka
granting_department Faculty of Information and Communication Technology
Sharon, M. R. and Matthew, R., 2011. Reasons & Rigor: How Conceptual Frameworks Guide Research, London: SAGE Publications. 168. Shin, Y. H., 2009. A Survey of Botnet: Consequences, Defenses and Challenges. IEEE. 169. Song, J., Takakura, H., Okabe, Y. and Kwon, Y., 2011. Correlation Analysis between Honeypot Data and IDS Alerts Using One-class SVM. In Intrusion Detection Systems, pp. 173-192. InTech Open Access Publisher. 170. Stankovic, S., and Simic, D., 2009. Defense Strategies against Modern Botnets. International Journal of Computer Science and Information Security, Vol. 2, No. 1, pp. 11-17. 171. Stephen, W.K., 2009. Botnets Outmaneuvered: Georgia’s Cyberstrategy Disproves Cyberspace Carpet-bombing Theory. Armed Forces Journal 172. Stevanovic, M., and Pedersen, J., M. 2014. An efficient flow-based botnet detection using supervised machine learning. IEEE on Computing, Networking and Communication, pp. 797-801. 173. Stinson, E. and Mitchell, J. C., 2007. Characterizing Bots, Remote Control Behaviour, Proceedings of the 4th GI International Conference on Detection of Intrusions and Malware and Vulnerability Assessment DIMVA. 174. Stone-Gross, B., Holtz, T., Stringhini, G., and Vigna, G., 2011. The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns. IEEE. 175. Strayer, W., Lapsely, D., Walsh, R., and Livadas, C., 2008. Botnet Detection Based on Network Behavior Botnet Detection, Springer US, Vol. 36, pp. 1-24. 176. Stringhini, G., Holz, T., and Stone-Gross, B., 2011. BOTMAGNIFIER: Locating Spambots on the Internet, USENIX Security Symposium, pp. 1-32. 177. Su, C. and Thomas, E. D., 2009. P2P Botnet Detection using Behavior Clustering and Statistical Tests. Proceedings of the 2nd ACM Workshop on Security and Artificial Intelligence. 178. Subbulakshmi, T., Mathew, G. and Shalinie, D. S. M. 2010. Real Time Classification and Clustering of IDS Alerts Using Machine Learning Algorithms. 
International Journal of Artificial Intelligence & Applications IJAIA, Vol. 1, No.1, pp. 1-9. 179. Sun, D., Li, X., Liu, W., and Wu, J., 2010. The New Architecture of P2P Botnet. 2010 Second Cybercrime and Thrustworthy Computing Workshop. pp. 34-40. 180. Sundaram, A. 1996. An Introduction to Intrusion Detection. ACM Digital Library. 181. Szydlowski, M., Zhao, B. Y., Kirda, E., and Kruegel, C., 2011. BTLab: A System-Centric, Data-Driven Analysis and Measurement Platform for BitTorrent Clients. Proceedings of 20th International Conference on Computer Communications and Networks ICCCN. 182. Tjhai, G. C., Furnell, S. M., Papadaki, M. and Clarke, N. L., 2010. A Preliminary Two-Stage Alarm Correlation and Filtering System Using SOM Neural Network and K-Means Algorithm. Journal of Computers and Security, Vol. 29, pp. 712-723. 183. Tjhai, G. C., Papadaki, M., Furnell, S. M. and Clarke, N. L. 2008. Investigating the Problem of IDS False Alarms: An Experimental Study Using Snort. Proceedings of the 23rd International Information Security Conference SEC 2008, pp. 253-267. 184. Teodoro, G. P., Diaz-Verdejo, J., Macia-Fernandez, G., and Vazquez, E., 2009. Anomaly-based Network Intrusion Detection: Techniques, Systems and Challenges. Computers and Security 28, pp 18-28. 185. Teodoro, G. P., Diaz-Verdejo, J., Gabriel, M., and Leovigildo, S., 2007. Network-Based Hybrid Intrusion Detection and Honeysystems as Active Reaction Schemes. International Journal of Computer Science and Network Security IJCSNS, Vol. 7, No. 10, pp. 275-279. 186. Tobias, L., Veikko, P., Davide, B., and Engin, K., 2010. Honeybot, Your Man In The Middle For Automated Social Engineering. Proceedings of the 3rd USENIX conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, And More. San Jose, California, USENIX Association. 187. Tung-Ming, K., Hung-Chang, C., and Guo-Quan, W., 2011. Construction P2P firewall HTTP-Botnet Defense Mechanism. 
International Conference on Computer Science and Automation Engineering CSAE, IEEE. 188. Tyagi, A. K. and Aghila, G. 2011. A Wide Scale Survey on Botnet. International Journal of Computer Applications, pp. 10-23. 189. Van Helmond, D.J., and Schonewille, A. 2006. The Domain Name Service as an IDS. Master Project University of Amsterdam, Netherlands. 190. Vapnik, V., 1998. Statistical Learning Theory, USA: Springer. 191. Villamarin-Salomon, R. and Brustoloni J. C., 2008. Identifying Botnet Using Anomaly Detection Techniques Applied to DNS Traffic. 5th IEEE Consumer Communications and Networking Conference CCNC. 192. Vu Q.H., Lupu, M., and Ooi, B. C., 2010. Peer-to-Peer Computing: Principles and Application, New York: Springer-Verlag. 193. Wang, L., Yu, G., Wang, G. and Wang, D., 2002, Method of Evolutionary Neural Network-based Intrusion Detection. Journal North Eastern University Natural Science, Vol. 23, pp. 107-110. 194. Wang, P., Aslam, B., and Zou, C., 2010. Peer-to-Peer Botnets. Handbook of Information and Communication Security, Springer Berlin Heidelberg, pp. 335-350. 195. Wang, P., Wu, L., and Aslam, B., 2009. A Systematic Study on Peer-to-Peer Botnets. Proceeding of Computer Communications and Networks. 196. Wang, X., and Yang Y. 2014. A Collaborative Traceback against P2P Botnet using Information Sharing and Correlation Analysis. IEEE International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery. pp. 132-138. 197. Weaver, R. 2010. A Probabilistic Population Study of the Conficker-C Botnet. Springer Berlin / Heidelberg, Vol. 6032, pp. 181-190. 198. Wei, L., and Mahbod, T., 2009. Automatic Discovery of Botnet Communities on Large-Scale Communication Networks. Proceedings of the 4th International Symposium on Information, Computer and Communications Security. Sydney, Australia, ACM. 199. Wei, W., Binxing, F., Zhaoxin, Z., and Chao, L., 2009. A Novel Approach to Detect IRC-Based Botnet. 
International Conference on Networks Security, Wireless Communications and Trusted Computing NSWCTC. 200. Wen-Hwa, L. and Chia-Ching, C. 2010. Peer to Peer Botnet Detection Using Data Mining Scheme. International Conference on Internet Technology and Applications. 201. Witcha, C., Abdul Hanan, A., Mohd Noor, M.S., Surat, S. and Siriporn, C, 2006. Anomaly-based Intrusion Detection using Fuzzy Rough Clustering. International Conference on Hybrid Information Technology ICHIT, IEEE. 202. Wurzinger, P., and Bilge, L., 2009. Automatically Generating Models for Botnet Detection Computer Security. Springer Berlin / Heidelberg, Vol. 5789, pp. 232-249. 203. Xie, Y., and Zhang, Y., 2013. An Intelligent Anomaly Analysis for Intrusion Detection based on SVM. International Conference on Computer Science and Information Processing CSIP, IEEE. 204. Xu, W., Zhang, F. and Zhu, S. 2010. Toward Worm Detection in Online Social Networks. Proceedings of the ACSAC ‟10, pp. 11-20. 205. Xuefeng, L., Haixin, D., Wu, L., Jianping, W., 2010. The growing model of Botnets. Green Circuits and Systems ICGCS. 206. Ye, N., Emran, S.M., Li, X. and Chen, Q. 2001. Statistical Process Control for Computer Intrusion Detection. Proceedings of DARPA Information Survivability Conference and Amp; Exposition II DISCEX, IEEE. 207. Yin, C. and Ghorbani, A. 2011. P2P Botnet Detection Based on Association between Common Network Behaviors and Host Behaviors. International Conference on Multimedia Technology, pp. 5010-5012. 208. Yinglian, X., Fang, Y., Kannan, A., Rina, P., Geoff, H., and Ivan, O., 2008. Spamming Botnet: Signatures and Characteristics. Proceedings of the ACM SIGCOMM Conference on Data Communication. 209. Yong, F. Z., DeYu, Q., and JingLin, H., 2005. MBMAS: A System for Malware Behavior Monitor and Analysis. CNMT '09. pp. 1-4. 210. Yuanyuan, Z., Xin, H., and Kang, G., 2010. Detection of Botnet using Combined Host-and Network-Level Information. 
IEEE/IFIP International Conference on Dependable Systems and Networks DSN. 211. Zang, X., and Tangpong, A., 2011. Botnet Detection through Fine Flow Classification. CSE Dept Technical Report CSE11-001. 212. Zeidanloo, H. R., 2010. Botnet Detection by Monitoring Similar Communication Patterns. IJCSIS International Journal of Computer Science and Information Security, Vol. 7, No. 3, pp. 36-45. 213. Zeidanloo, H. R., Azizah, M., Payam, V., Farzaneh, T., and Mazdak, Z., 2010. Botnet Detection based on Traffic Monitoring. International Conference on Networking and Information Technology ICNIT. 214. Zeidanloo, H. R., Hosseinpour, F., and Eternad, F.F., 2010. New Approach for Detection of IRC and P2P Botnet. International Journal of Computer and Electrical Engineering, Vol. 2, No. 6, pp. 1793-8163. 215. Zeidanloo, H.R., Shooshtari, M.J.Z., Amoli, P.V., Safari, M., and Zamani, M., 2010. A Taxonomy of Botnet Detection Techniques. 3rd International Conference on Computer Science and Information Technology ICCSIT, Vol. 2, pp. 158-162. 216. Zhang, D. and Leckie, C., 2006. An Evaluation Technique for Network Intrusion Systems. Proceeding of the First International Conference on Scalable Information Systems. 217. Zhang, W., Yang, Q. and Geng, Y. 2009. A Survey of Anomaly Detection Methods in Networks. International Symposium on Computer Network and Multimedia Technology CNMT. 218. Zhang, W., Wang, Y.J., and Wang X., L. 2014. A Survey of Defense against P2P Botnets. IEEE International Conference on Dependable, Autonomic and Secure Computing, pp. 97-102. 219. Zhaosheng, Z., Guohan, L., Yan, C., and Zhi, F., 2008. Botnet Research Survey. IEEE Computer Software and Applications, COMPSAC. 220. Zhiqi, Z., Baochen, L., Peng, L., and Chaoge, L., 2011. A Hierarchical Hybrid Structure for Botnet Control and Command. IEEE International Conference on Computer Science and Automation Engineering CSAE. 221. Zhu, B. and Ghorbani, A., 2006. Alert Correlation for Extracting Attack Strategies. 
International Journal of Network Security, Vol. 33, pp. 244-258.