Botnet detection using correlated anomalies | Naveen Davis
| | Abstract | Botnets are collections of computers which have come under the control of a malicious person or organization, and can be ordered to perform various malicious tasks such as sending spam mail,performing click fraud, farming personal or other confi�dential information, or performing distributed denial of service attacks. They are currently regarded as one of the major threats to the widespread use of the Internet, and �finding ways to counter them is a challenge of great importance.
The goal of the thesis is to produce a simple prototype which detects botnet attacks by correlating patterns of anomalous behavior which develop in similar ways in different parts of a network, such as within a sub-set of the computers within a given subnet. In order to accomplish this we carried out a study of the literature on analysis methods of this type and decided to exploit a method which combines both host-level and network-level information to detect anomalous behavior. We selected a suitable platform and operating system to perform the analysis. We were able to obtain some valuable results from the analysis, but it was not enough to come up with a precise conclusion. | | Type | Master's thesis [Academic thesis] | | Year | 2012 | | Publisher | Technical University of Denmark, DTU Informatics, E-mail: reception@imm.dtu.dk | | Address | Asmussens Alle, Building 305, DK-2800 Kgs. Lyngby, Denmark | | Series | IMM-M.Sc.-2012-50 | | Note | Supervised by Professor Robin Sharp, ris@imm.dtu.dk, DTU Informatics | | Electronic version(s) | [pdf] | | Publication link | http://www.imm.dtu.dk/English.aspx | | BibTeX data | [bibtex] | | IMM Group(s) | Computer Science & Engineering |
|