Dissertations / Theses on the topic 'P2P Botnet Detection'

Consult the top 15 dissertations / theses for your research on the topic 'P2P Botnet Detection.'

1

Venkatesh, Bharath. "Fast Identification of Structured P2P Botnets Using Community Detection Algorithms." Thesis, 2013. http://etd.iisc.ernet.in/2005/3470.

Abstract:
Botnets are a global problem, and effective botnet detection requires cooperation of large Internet Service Providers, allowing near global visibility of traffic that can be exploited to detect them. The global visibility comes with huge challenges, especially in the amount of data that has to be analysed. To handle such large volumes of data, a robust and effective detection method is the need of the hour and it must rely primarily on a reduced or abstracted form of data such as a graph of hosts, with the presence of an edge between two hosts if there is any data communication between them. Such an abstraction would be easy to construct and store, as very little of the packet needs to be looked at. Structured P2P command and control have been shown to be robust against targeted and random node failures, and thus are ideal mechanisms for botmasters to organize and command their botnets effectively. Thus this thesis develops a scalable, efficient and robust algorithm for the detection of structured P2P botnets in large traffic graphs. It draws from the advances in the state of the art in Community Detection, which aim to partition a graph into dense communities. Popular Community Detection Algorithms with low theoretical time complexities such as Label Propagation, Infomap and Louvain Method have been implemented and compared on large LFR benchmark graphs to study their efficiency. The Louvain method is found to be capable of handling graphs of millions of vertices and billions of edges. This thesis analyses the performance of this method with two objective functions, Modularity and Stability, and finds that neither of them is robust and general. In order to overcome the limitations of these objective functions, a third objective function proposed in the literature is considered. This objective function has previously been used successfully in the case of Protein Interaction Networks, and is used in this thesis to detect structured P2P botnets for the first time.
Further, the differences in the topological properties (assortativity and density) of structured P2P botnet communities and benign communities are discussed. In order to exploit these differences, a novel measure based on mean regular degree is proposed, which captures both the assortativity and the density of a graph, and its properties are studied. This thesis proposes a robust and efficient algorithm that combines the use of greedy community detection and community filtering using the proposed measure, mean regular degree. The proposed algorithm is tested extensively on a large number of datasets and found to be comparable in performance in most cases to an existing botnet detection algorithm called BotGrep, and found to be significantly faster.
2

Kai-Wei Chan and 詹鎧瑋. "Study On Unsupervised Session-Based P2P Botnet Detection." Thesis, 2015. http://ndltd.ncl.edu.tw/handle/12073386091925909864.

Abstract:
Master's thesis, National Cheng Kung University, Institute of Computer and Communication Engineering, academic year 103.
Decentralized or Peer-to-Peer (P2P) Botnets are more difficult to recognize than traditional centralized Botnets because of the intrinsic nature of their network topology. Most previous works on P2P Botnet detection focus only on analyzing the attack phase. It is hard to detect P2P Botnets before their attacks because of the lack of network traces. For detecting P2P Botnets, in this paper, we propose a session-based P2P Botnet detection system based on unsupervised machine learning with large traffic volume to obtain the suspicious behavior patterns. We believe that every P2P Botnet has its own communication patterns, and that it can no longer hide them over long periods, even when using randomized noise during its talks.
3

Huang, Yu-Hao, and 黃羽豪. "Conversation-based P2P botnet detection with machine learning." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/cdj6j9.

4

YANG, SHAN-YI, and 楊善壹. "P2P Botnet Detection based on Network Behavior Similarity Evaluation." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/49006421710006240805.

Abstract:
Master's thesis, Feng Chia University, Department of Information Engineering and Computer Science, academic year 105.
Recently, many devices have been hacked and become bots. Hackers use C&C servers to control these bots. Bots usually hide their information in specific network traffic such as P2P traffic. It is not easy for network administrators to find this malicious traffic in P2P traffic. For a P2P botnet, if a bot is found and blocked, the hacker can issue commands from another bot and the botnet still works. In order to update the status of the entire P2P botnet, the bot master periodically sends commands to the bots. Bots also regularly download the peer list from other bots. The connection time and packet length features are very regular. Besides, because the bots connect to other bots according to the peer list, the number of simultaneous connections is very large. In this thesis, we propose a methodology based on network behavior similarity. We use a machine learning algorithm to aggregate similar flows into the same cluster and calculate the similarity of the flows in each cluster to find suspicious clusters. In a suspicious cluster, the method uses the host connection behavior to find bots.
5

Chih-Hang Su and 蘇誌航. "Enhancing P2P Botnet Detection through Cross-Domain NetFlow Analysis." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/v3x73p.

6

Pin-Hao Chen and 陳品豪. "Study on Deep Neural Network Approach to P2P botnet detection." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/ucsrs6.

7

Wei-Cheng Ling and 凌偉誠. "A Visualization Framework for P2P Botnet Detection Based on Netflow Analysis." Thesis, 2016. http://ndltd.ncl.edu.tw/handle/u64cmx.

Abstract:
Master's thesis, National Cheng Kung University, Institute of Computer and Communication Engineering, academic year 104.
In recent years, cyber-crime has become a significant issue threatening everyone on the Internet. There is a great deal of research on botnet detection, but most of it only provides text-based information that is not intuitive for human cognition. There is a trend of leveraging modern Web technology to present deeper insight from the data itself. We think that visualizing bot activities can help network operators gain more insight into their behaviors. We propose a botnet visualization framework to turn malicious consequences into a perceptible representation. The visualization framework uses Node.js and HTML5 with jQuery to construct a front-end interface. Network logs and malicious behaviors are indexed and stored in Elasticsearch. Besides, we also characterize those traces to build a compendium into a pivot table to improve query speed during user interaction. With the support of several viewpoints, we expect our framework to help administrators gain more sophisticated insight into botnet activities.
8

Ye, Jia-Siang, and 葉佳祥. "SCAP : A P2P Botnet Detection System by Analyzing Composite Traffic Characteristic." Thesis, 2016. http://ndltd.ncl.edu.tw/handle/ug9sfz.

Abstract:
Master's thesis, National Taiwan University of Science and Technology, Department of Computer Science and Information Engineering, academic year 104.
During the last two decades, P2P botnets have posed a severe security threat to contemporary information networks. Usually attackers first distribute malware to control the victim's host and then use the host as a springboard to launch attacks on specific targets. Because botnets have become smarter than ever at avoiding security detection, many studies on security detection for both centralized and decentralized botnets have been reported. Among them, some researchers focused on conversation-based detection. However, the problem of composite traffic occurs frequently in these studies. In our study, we do not use "conversation" to detect botnets but use "payload conversation". With the characteristics of "payload conversation", our system can tackle the composite traffic problems. We then propose a new algorithm called "Spatial Clustering of Applications without Parameter" (SCAP) to classify the traffic problems. SCAP is a nonparametric algorithm which is an improved version of K-means. SCAP can automatically cluster training data without setting any parameters. With this advantage, our system can deal with the traffic problems in different P2P applications.
9

Yu-En Chang and 張育恩. "A Clustering Algorithm with Fluctuant-Centroid Adjustment for P2P Botnet Detection." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/25hn2k.

10

Sheng-Min Hsu and 徐晟旼. "A Similarity-based P2P Botnet Detection Algorithm for Inter-Domain NetFlow Analysis." Thesis, 2016. http://ndltd.ncl.edu.tw/handle/89939394803554483764.

Abstract:
Master's thesis, National Cheng Kung University, Institute of Computer and Communication Engineering, academic year 104.
Recently, peer-to-peer (P2P) botnets have been adopted for a variety of cyber-crimes. Many approaches to P2P botnet detection have been studied, but most of them analyze bot activities based on single-domain traffic. It seems hard to recognize the malicious activities from single-domain traffic, especially for P2P botnets, which are often scattered across the Internet to exchange information. In this paper, we propose an innovative P2P botnet detection algorithm that federates multiple sites for inter-domain traffic analysis. Our algorithm first extracts traffic as feature vectors, and then runs a cooperative graph-based algorithm across multiple domains to improve precision. We believe our P2P botnet detection can address both well-known and unknown botnets. Evaluation based on a real traffic log shows the availability of our approach, and verification using VirusTotal was performed to validate the correctness of the outcomes, with at least 80 percent of the malicious IPs appearing on it.
11

Wei-Chen Wu and 吳偉誠. "A Generic P2P Botnet Detection Framework based on Multi-dimensional Similarity Computation." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/84652669626600444839.

Abstract:
Master's thesis, National Cheng Kung University, Institute of Computer and Communication Engineering, academic year 102.
In recent years, botnets have been widely adopted by hackers as a tool for cybercrime. In particular, P2P botnets with a decentralized communication structure are more difficult to detect and trace. The detection methods proposed in previous works require signatures of known botnets or statistical training data to define a specific threshold for identifying anomalous network traffic. However, these approaches are not generic solutions. Whenever the behavior of a botnet changes or a new variant of a botnet appears, we have no choice but to design a new method. As mentioned above, it is definitely essential to present a generic detection method. Since the same bots are infected by the same binary, their communication traffic would be very similar. Even if a botnet updates or mutates, the same bots still share high similarity. We propose a multi-dimensional similarity measure based on three major characteristics, which can find anomalous traffic with high similarity and further detect unknown P2P botnets.
12

Mu-Lin Huang and 黃睦林. "A Streaming P2P Botnet Quick Detection System based on Group Features of BotCluster." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/sc6p56.

Abstract:
Master's thesis, National Cheng Kung University, Institute of Computer and Communication Engineering, academic year 106.
Preventing botnets is crucial for maintaining cybersecurity. Although there are many detection tools for preventing botnets, most of them use batch processing systems for detection. For example, our previous research, BotCluster, uses a batch processing system to detect P2P botnets. A batch processing system like BotCluster needs to accumulate enough data in advance to start a perfect detection with our grouping algorithm, so the time to detection (TTD), which runs from data generation to analysis of the data, will be very long. For urgent botnets, reducing the TTD can significantly reduce the damage of these botnets. In this research, we use the malicious network behavior characteristics of the previously detected results from BotCluster to quickly detect new incoming NetFlow data. Besides, the quick detection is performed on a stream processing platform to process the input data rapidly. Finally, the quick detection can reach 90% precision and reduce the TTD from 24 hours to 2 hours.
13

Jia-Hong Yap and 葉家宏. "Using Data Cleansing to Promote Performance of Deep Learning for P2P Botnet Detection." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/wbf349.

14

Su, Shang-Chiuan, and 蘇上全. "Detecting P2P Botnet in Software Defined Network." Thesis, 2015. http://ndltd.ncl.edu.tw/handle/08210034701868158903.

Abstract:
Master's thesis, National Chiao Tung University, Institute of Network Engineering, academic year 103.
With the advance of the Internet, managing network traffic, especially Peer-to-Peer (P2P) traffic, has become hard work for network administrators. Most modern botnets also deploy their architecture with Peer-to-Peer structures in order to avoid single-point takedown. Much research has been proposed to detect such P2P botnet threats. However, network administrators have to take care of it when they find victims or attackers. Software Defined Network (SDN) based on the OpenFlow protocol exports control plane programmability of switched substrates. As a result, rich functionality in traffic management, load balancing, routing, firewall configuration, etc. that may pertain to the specific flows they control may be easily developed. In SDN, network administrators no longer need to worry about numerous pieces of network equipment. In this paper we propose a novel methodology to detect and categorize P2P network traffic, including P2P botnet and benign P2P traffic, in an SDN architecture. With our system, we can detect and analyze network traffic with a machine learning algorithm, and automatically and flexibly change flow rules in OpenFlow switches through the SDN controller.
15

Lee Ming Hung and 李明鴻. "Contruct P2P Botnet network traffic detecting system." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/58ch5y.

Abstract:
Master's thesis, National Taitung University, Department of Information Management, Master's Program, academic year 98.
Botnet is a remote and multi-hierarchical network system used to attack Internet information security. Because of its hidden features, it is not easy to monitor its work and completely prevent its attacks. However, if Internet managers can detect and monitor the network traffic as soon as possible, it would be possible for them to minimize the disasters caused by Botnet attacks. In fact, Botnet does contain specific network behaviors, such as network communication through specific ports. In addition, its attacks often target specific services, such as interrupting web server functioning or distributing spam emails. This study aimed to detect Botnet network traffic in a LAN environment, in which the Botnet virus could be identified based on its network communication characteristics and network service traffic. Therefore, the infected computers could be further identified. After the Botnet network traffic system was evaluated, the research results demonstrated that the system could identify the infected computers and detect suspicious Botnet computers.