
Student: 安卓雅 (Andrea Medina)
Thesis title: Unsupervised Learning: Using Clustering Algorithms to Detect Peer to Peer Botnet Flows
Chinese title: 無監督學習:使用聚類算法檢測P2P殭屍網路流量
Advisor: 孫宏民 (Sun, Hung Min)
Committee members: 顏嵩銘 (Yen, Sung Ming); 洪國寶 (Gwoboa Horng); 陳建銘 (Chien, Ming Chen); 葉志浩 (Ye, Shi Hao)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Institute of Information Systems and Applications
Year of publication: 2015
Graduation academic year: 103 (ROC calendar)
Language: English
Pages: 43
Chinese keywords: Unsupervised learning, P2P botnet
Foreign keywords: Peer to peer botnet, Network flows
Abstract (Chinese, translated):
    The war against botnet infection is fought every day by ordinary users and enterprises who want to feel safe against any threat from compromised hosts. With enormous and continuous growth, attackers are consistent in creating new ways to prey on vulnerable users and their devices. It is necessary to pay attention to what leaves a network and to analyze the impact a single infected network flow can have on the entire network.
    In this paper we focus on the behavior of a particular kind of botnet, peer-to-peer (P2P), which together with hybrid botnets is a growing trend among attackers, who extensively and exhaustively look for new ways to bypass all security walls by any means possible. The main approach consists of comparing behavior among features extracted from network flows, focusing only on traffic from P2P applications, including P2P botnets.
    In this paper we evaluate the potential of unsupervised learning against P2P botnets, since this type of learning has been shown to work better with unknown classification variables. Packets from common P2P applications, combined with malicious traffic from known P2P botnets such as Zeus and Waledac, are analyzed and tested. These algorithms are compared in order to determine which, in terms of accuracy, is the best fit for identifying different types of P2P applications, including botnet-infected network flows.


Abstract (English):
    The war against botnet infection is fought every day by common users and enterprises who want to feel safe against any threat from compromised hosts. With the enormous and continuous growth, attackers are consistent in creating new methods to prey on vulnerable users and their devices. It is necessary to pay close attention to what goes out of a network and to analyze the impact a single infected network flow may have over the entire network.
    In this paper we are going to focus on the behavior of a particular kind of botnet, Peer 2 Peer (P2P), which along with hybrid botnets is a growing trend among attackers, who extensively and exhaustively search for new ways to bypass all security walls by any means possible. The main approach will consist of a behavior comparison among features extracted from network flows, focusing only on the flows from P2P applications, including P2P botnets.
    In this thesis, we will assess the potential unsupervised learning has against P2P botnets, because this type of learning has proved to work better with unknown variables of classification. The packets from common P2P applications, combined with malicious flows from some known P2P botnets like Zeus and Waledac, will be analyzed and tested. These algorithms will be compared in order to determine, in terms of accuracy, which is the best fit to identify different types of P2P applications, including the botnet-infected network flows.

Table of contents:
    List of Figures, p. 4
    List of Tables, p. 5
    Chapter 1 Introduction, p. 6
    Chapter 2 Background, p. 8
        2.1 Peer 2 Peer (P2P) Networks, p. 8
        2.2 Peer 2 Peer (P2P) Botnets, p. 10
        2.3 Unsupervised Learning Algorithms, p. 11
        2.4 Previous Work, p. 14
    Chapter 3 Methodology, p. 15
        3.1 Approach using Unsupervised Learning, p. 15
        3.2 P2P Network Traffic Dataset, p. 16
        3.3 Feature Extraction from Flows, p. 17
        3.4 Clusters Evaluation Measurements, p. 21
    Chapter 4 Results and Discussions, p. 23
        4.1 Dataset Assemble for Testing, p. 23
        4.2 Unsupervised Learning Method: Cluster Analysis, p. 24
        4.3 Unsupervised Learning Comparison, p. 31
    Chapter 5 Conclusions, p. 34
        5.1 Conclusions, p. 34
        5.2 Future Work, p. 35
    6. Annexes, p. 36
    Bibliography, p. 41


    Full-text release date: full text not authorized for public release (campus network)
    Full-text release date: full text not authorized for public release (off-campus network)
    Full-text release date: full text not authorized for public release (National Central Library: Taiwan theses and dissertations system)