Botnet detection using correlated anomalies

Naveen Davis

Abstract: Botnets are collections of computers which have come under the control of a malicious person or organization and can be ordered to perform various malicious tasks, such as sending spam mail, performing click fraud, harvesting personal or other confidential information, or performing distributed denial of service attacks. They are currently regarded as one of the major threats to the widespread use of the Internet, and finding ways to counter them is a challenge of great importance.
The goal of the thesis is to produce a simple prototype which detects botnet attacks by correlating patterns of anomalous behavior that develop in similar ways in different parts of a network, such as within a subset of the computers in a given subnet. To accomplish this we carried out a study of the literature on analysis methods of this type and decided to use a method which combines both host-level and network-level information to detect anomalous behavior. We selected a suitable platform and operating system to perform the analysis. We were able to obtain some valuable results from the analysis, but they were not enough to come up with a precise conclusion.
Type: Master's thesis [Academic thesis]
Year: 2012
Publisher: Technical University of Denmark, DTU Informatics, E-mail: reception@imm.dtu.dk
Address: Asmussens Alle, Building 305, DK-2800 Kgs. Lyngby, Denmark
Series: IMM-M.Sc.-2012-50
Note: Supervised by Professor Robin Sharp, ris@imm.dtu.dk, DTU Informatics
Electronic version(s): [pdf]
Publication link: http://www.imm.dtu.dk/English.aspx
IMM Group(s): Computer Science & Engineering