Files
Abstract
Peer-to-Peer botnets are of particular concern in the world of network security because of the difficulty involved in identifying the botmaster node in the network. This paper seeks to address this issue incrementally by developing a statistical model for the control, or signaling, network flows of the most popular P2P VoIP application, Skype, as a first step toward identifying known P2P applications for the purposes of whitelisting them in a network trace. Through construction of a dataset containing real-world Skype traces and real-world traces for four other popular P2P file-sharing programs, a statistical model is created which incorportates the flow behaviors of Skype control flows. This statistical model is tested using four classification algorithms, and the results show a very high accuracy and low false positive rate for successfully identifying Skype control flows against the control flows of the other P2P applications.