P2P Botnet Detection Using a Threshold Value Identification Technique

Authors

  • Wan Ahmad Ramzi Wan Yusuf Kolej Komuniti Masjid Tanah
  • Mohammad hairy Kharauddin Kolej Komuniti Masjid Tanah
  • Mohd Rizal Dolah Kolej Komuniti Masjid Tanah

Abstract

The P2P botnet, or peer-to-peer botnet, is known as one of the most dangerous threats to computer network technology. Several detection techniques have previously been proposed to detect its presence. One of these techniques focuses on feature sets as a detection mechanism. However, previous studies on feature-based detection for this botnet family show a lack of research on feature threshold values for botnet detection. Research so far tends to focus on the detection features rather than on analysis of the features themselves. In this study, threshold values for P2P botnet detection are identified based on seven bot samples and 52 features taken from the observed network traffic. The study proposes a methodology consisting of feature selection modules, logistic regression modules and threshold value identification. The approach successfully identifies a set of features to detect P2P botnets. The traffic observation test shows that P2P botnet detection is based on the pushed_data_pkts_b2a and pure_act_pkts_a2b features, where the threshold cut-off value for both is at an 80% detection rate, which contributes to P2P botnet detection at a higher rate.

Published

30-11-2020