A Feature Extraction Method for P2P Botnet Detection Using Graphic Symmetry Concept
A DDoS (Distributed Denial of Service) attack makes use of a botnet to launch attacks and cause node congestion of wireless sensor networks, which is a common and serious threat. Due to the various kinds of features required in a Peer-to-Peer (P2P) botnet for DDoS attack detection via current machine learning methods and the failure to effectively detect encrypted botnets, this paper extracts the data packet size and the symmetric intervals in flow according to the concept of graphic symmetry. Combined with flow information entropy and session features, the frequency domain features can be sorted so as to obtain features with better correlations, which solves the problem of multiple types of features required for detection. Information entropy corresponding to the flow size can distinguish an encrypted botnet. This method is implemented through machine learning techniques. Experimental results show that the proposed method can detect the P2P botnet for DDoS attack and the detection accuracy is higher than that of traditional feature detection.