Using Unsupervised Machine Learning to Detect Peer-to-Peer Botnet Flows

  • Andrea E. Medina Paredes
  • Yuan-Yuan Su
  • Wei Wu
  • Hung-Min Sun


The war against botnet infection is fought every day by users that want to feel safe against any threat of compromise hosts. In this paper we are going to focus on the behavior of Peer 2 Peer (P2P) botnets, which along with hybrid botnets is a growing trend among attackers. The main approach will consist of a behavior comparison among features extracted from network flows, focusing only in the flows from P2P applications including P2P botnets.


R. Price, “Business Insider,”, May 2015.

P. Barthakur, M. Dahal, and M. K. Ghose, “A framework for P2P botnet detection using SVM,” in International Conference on Cyber-Enabled Distributed Computing and Knowledge Discover, Sanya, 2012.

W. H. Liao and C. C. Chang,, “Peer to peer botnet detection using data mining scheme,” International Conference on Internet Technology and Applications, Wuhan, 2010.

S. Hochbaum, “A best possible heuristic for the k-center problem,” in Mathematics of Operations Research, 1985.

P. N. Tan, M. Steinbach, and V. Kumar, “Cluster analysis: basic concepts and algorithms,” Introduction to Data Mining, Pearson, pp. 487-559, 2005.

M. Hall, E. Frank, G. Holmes, B. Pfahringer, P. Reutemann, and I. H. Witten, “The WEKA data mining software: an update,” SIGKDD Explorations, 2009.

B. Rahbarinia, R. Perdisci, A. Lanzi, and K. Li, “PeerRush: mining for unwanted P2P traffic,” Detection of Intrusions and Malware, and Vulnerability Assessment, Springer, vol. 7967, pp. 62-82, 2013.

How to Cite
Paredes, A. E. M., Su, Y.-Y., Wu, W., & Sun, H.-M. (2016). Using Unsupervised Machine Learning to Detect Peer-to-Peer Botnet Flows. Proceedings of Engineering and Technology Innovation, 3, 28-30. Retrieved from