• NADIA ABDULKALAM

The internet is not a safe place.Hosts can expect to be compromised within minutes of connecting to the Internet and even well-protected hosts may be affected with denial-of-service (DoS) attacks. However, such threats to host systems are widely known, it is less well encouraged that the network infrastructure itself is subject to constant attack. Once a router has been installed in such a fashion, an attacker may intrude on the traffic stream and manipulate it maliciously to attack others—selectively dropping, modifying, or rerouting packets. To detect such traffic manipulations, traffic transmitted by one router is received unmodified by another. However, all of these schemes struggle in interpreting the absence of traffic. While a packet that has been modified in transit represents clear evidence of tampering, a missing packet is inherently known.It will be blocked by another router or it may lost due to network congestion. In fact, modern routers drop packets due to break in traffic that exceed their buffering capacities.It widely use Transmission Control Protocol (TCP) to controll such losses as part of its normal congestion control behavior. Thus, existing traffic validation systems must produce false positives for benign events and/or produce false negatives by failing to report real malicious packet dropping. Botnets can cause significant security threat and huge loss to organizations, and are difficult to discover their existence. Therefore they have become one of the most severe threats on the Internet. The core component of botnets is their command and control channel. Botnets often use IRC (Internet Relay Chat) as a communication channel through which the botmaster can control the bots to launch attacks or propagate more infections. In this project , we develop a router detection protocol that dynamically find the number of congestive packet losses that will occur. Once the congestion totally removed, subsequent packet losses can be safely attributed to malicious actions. This is the first protocol that automatically predict congestion in a systematic manner and find that making any such network fault detection. Score based botnet detection is proposed to identify the botnet activities by using the similarity measurement and the periodic character of botnets. To improve the detection rate, the proposed system employs two-level correlation relating the set of hosts with same anomaly behaviors. The proposed method can differentiate the malicious network traffic generated by infected hosts (bots) from that by normal IRC clients, even in a network with only a very small number of bots. In the remainder of this project, we briefly survey the related background material, evaluate options for inferring congestion, and then present the assumptions, specification, and a formal description of a protocol that achieves these goals. We have evaluated our protocol in a small experimental network and demonstrate that it is capable of accurately resolving extremely small and fine-grained attacks. The experimental results show that, regardless the size of the botnet in a network, the proposed approach efficiently detects abnormal IRC traffic and identifies botnet activities.

botnet,P2P network,packet dropping,IRC delay

"PACKET CLASSIFICATION AND INTRUSION DETECTION IN PEER TO PEER BOTNET NETWORK", International Journal of Emerging Technologies and Innovative Research (www.jetir.org), ISSN:2349-5162, Vol.5, Issue 9, page no.733-744, September-2018, Available :http://www.jetir.org/papers/JETIR1809249.pdf

"PACKET CLASSIFICATION AND INTRUSION DETECTION IN PEER TO PEER BOTNET NETWORK", International Journal of Emerging Technologies and Innovative Research (www.jetir.org | UGC and issn Approved), ISSN:2349-5162, Vol.5, Issue 9, page no. pp733-744, September-2018, Available at : http://www.jetir.org/papers/JETIR1809249.pdf