中文摘要：

僵尸网络已经成为当前最为严重的网络威胁之一，其中P2P僵尸网络得到迅速发展，其自身的通信特征给检测带来巨大的挑战．针对P2P僵尸网络检测技术的研究已经引起研究人员的广泛关注．提出一种P2P僵尸网络在线检测方法，首先采用信息熵技术发现网络流量中的异常点，然后通过分析P2P僵尸网络中主机的行为异常，利用统计学中的假设检验技术，从正常的网络流量数据中识别出可疑P2P僵尸主机，同时根据僵尸主机通信模式的相似性进行最终确认．实验结果表明该方法能够有效实现P2P僵尸网络的在线检测．

英文摘要：

Bothers have become one of the most serious threats on the Interact. P2P-based Botnets have been developed a lot. The communication characteristics of P2P-based botnets bring great challenge for detection, which attract extensive attention of research communities. This paper proposed a new technique that can detect the P2P-based botnets activities in an online way. Firstly, we search the anomaly from network tra.ffic by means of entropy analysis. Analyzing the behavioral anomaly of P2P-based botnets and distinguish the suspected P2P-based botnets hosts from normal network traffic by the hypothesis testing technique. Finally the botnet host identities would be confirmed by the similarity analysis of the communication pattern. The experimental evaluations show that this approach can achieve P2P-based botnets detection efficiently.