Data-driven approaches for peer-to-peer botnet detection and forecasting
Abstract
Peer-to-Peer (P2P) botnets are one of the major threats in network security, serving as the infrastructure behind a wide range of cybercrime. Enterprises routinely collect terabytes of security-relevant data. This proposed work exploits such data to build a novel Internet-scale P2P botnet detection method that fuses big-data behavioral analytics with graph-theoretical concepts. Beyond detecting botnets in large data sets, our method is capable of meeting the challenges posed by botnets with encrypted command-and-control (C&C) channels, by stealthy botnets whose malicious activity is hard to observe in network traffic, and by botnets with randomized communication patterns.
In a popular botnet-assisted attack scenario, the attacker(s) command a swarm of bot-infected computers to send flooding packets to a target server, intending to degrade the server's services to the point where legitimate users can no longer access them. It is essential to detect these attacks, commonly known as Distributed Denial of Service (DDoS) attacks, accurately and in a timely fashion so that mitigation can be applied before the server goes down.
Apart from detecting the threat, it is important for an organization to have significant insight into the targeted attack in order to understand the short- and long-term trends of an ongoing P2P botnet attack. This helps quantify attack impact, such as intensity and the estimated number of compromised machines. The second part of our work focuses on using time series analysis to identify those features and to provide the capability to recognize the current situation as well as similar future ones, and hence to respond appropriately to the threat.
Experimental evaluation of both detection and forecasting has demonstrated the high accuracy and great scalability of the proposed system.