A Reinforcement Approach for Detecting P2P Botnet Communities in Dynamic Communication Graphs
Harshvardhan P. Joshi, Rudra Dutta

TL;DR
This paper introduces a reinforcement-based method to detect evolving P2P botnet communities in dynamic communication graphs, enhancing detection accuracy over static approaches.
Contribution
It presents a novel reinforcement-based technique specifically designed for large, dynamic communication graphs to improve P2P botnet community detection.
Findings
Improved precision and recall in detecting P2P botnet communities.
Effective in large, evolving communication graphs.
Addresses the limitations of static graph analysis methods.
Abstract
Peer-to-peer (P2P) botnets use decentralized command and control networks that make them resilient to disruptions. The P2P botnet overlay networks manifest structures in mutual-contact graphs, also called communication graphs, formed using network traffic information. It has been shown that these structures can be detected using community detection techniques from graph theory. These previous works, however, treat the communication graphs and the P2P botnet structures as static. In reality, communication graphs are dynamic as they represent the continuously changing network traffic flows. Similarly, the P2P botnets also evolve with time, as new bots join and existing bots leave either temporarily or permanently. In this paper we address the problem of detecting such evolving P2P botnet communities in dynamic communication graphs. We propose a reinforcement-based approach, suitable for…
Taxonomy
Topics: Peer-to-Peer Network Technologies · Network Security and Intrusion Detection · Access Control and Trust
