Computer Science ›› 2016, Vol. 43 ›› Issue (7): 141-146.doi: 10.11896/j.issn.1002-137X.2016.07.025

P2P Botnet Detection Based on Permutation Entropy and Multi-sensor Data Fusion on Decision Level

SONG Yuan-zhang   

  • Online:2018-12-01 Published:2018-12-01

Abstract: Aiming at the problems of the existing P2P botnet detection methods,a novel P2P botnet detection algorithm based on the permutation entropy and the multi-sensor data fusion on the decision level was proposed.Firstly,it builds the abnormalities detection sensor and the reasons of abnormalities distinguishing sensor.The former sensor uses the permutation entropy to describe accurately the complexity characteristics of network traffic,which does not vary with the structure of P2P network,the P2P protocol and the attack.And the Kalman filter is used to detect the abnormalities of the complexity characteristics of network traffic.Considering that the traffic flow of Web applications is likely to affect the detection result,the latter sensor utilizes the features of TCP flow to solve the problem.Finally,the final result was obtained by fusing the results of two above sensors with the D-S evidence theory.The experiments show that the algorithm proposed in the paper is able to detect P2P botnet with high accuracy.

Key words: P2P botnet,Permutation entropy,Multi-sensor data fusion,Kalman filter

