Title:
Effective and scalable botnet detection in network traffic

dc.contributor.advisor Lee, Wenke
dc.contributor.author Zhang, Junjie en_US
dc.contributor.committeeMember Ahamad, Mustaque
dc.contributor.committeeMember Copeland, John
dc.contributor.committeeMember Feamster, Nick
dc.contributor.committeeMember Traynor, Patrick
dc.contributor.department Computing en_US
dc.date.accessioned 2012-09-20T18:22:14Z
dc.date.available 2012-09-20T18:22:14Z
dc.date.issued 2012-07-03 en_US
dc.description.abstract Botnets represent one of the most serious threats to Internet security, since they serve as the platforms responsible for the vast majority of large-scale and coordinated cyber attacks, such as distributed denial of service, spamming, and information theft. Detecting botnets is therefore of great importance, and a number of network-based botnet detection systems have been proposed. However, as botnets perform attacks in an increasingly stealthy way and the volume of network traffic grows rapidly, existing botnet detection systems face significant challenges in terms of effectiveness and scalability. The objective of this dissertation is to build novel network-based solutions that boost both the effectiveness of existing botnet detection systems, by detecting botnets whose attacks are very hard to observe in network traffic, and their scalability, by adaptively sampling the network packets that are likely to be generated by botnets. Specifically, this dissertation describes three unique contributions. First, we built a new system to detect drive-by download attacks, which represent one of the most significant and popular methods of botnet infection. The goal of our system is to boost the effectiveness of existing drive-by download detection systems by detecting a large number of drive-by download attacks that are missed by these existing detection efforts. Second, we built a new system to detect botnets with peer-to-peer (P2P) command and control (C&C) structures (i.e., P2P botnets), where P2P C&C currently represents the C&C structure most robust against disruption efforts. Our system aims to boost the effectiveness of existing P2P botnet detection by detecting P2P botnets in two challenging scenarios: i) the botnets perform stealthy attacks that are extremely hard to observe in network traffic; ii) the bot-infected hosts are also running legitimate P2P applications (e.g., BitTorrent and Skype). Finally, we built a novel traffic analysis framework to boost the scalability of existing botnet detection systems. Our framework can effectively and efficiently identify the small percentage of hosts that are likely to be bots, and then forward the network traffic associated with these hosts to existing detection systems for fine-grained analysis, thereby boosting the scalability of those detection systems. Our traffic analysis framework includes a novel botnet-aware and adaptive packet sampling algorithm and a scalable flow-correlation technique. en_US
dc.description.degree PhD en_US
dc.identifier.uri http://hdl.handle.net/1853/44837
dc.publisher Georgia Institute of Technology en_US
dc.subject Intrusion detection en_US
dc.subject Network security en_US
dc.subject Botnet en_US
dc.subject.lcsh Computer networks Security measures
dc.subject.lcsh Internet
dc.subject.lcsh Internet governance
dc.title Effective and scalable botnet detection in network traffic en_US
dc.type Text
dc.type.genre Dissertation
dspace.entity.type Publication
local.contributor.advisor Lee, Wenke
local.contributor.corporatename College of Computing
relation.isAdvisorOfPublication c2f2a105-702f-45e4-a8a3-4ca5eb3d0eec
relation.isOrgUnitOfPublication c8892b3c-8db6-4b7b-a33a-1b67f7db2021
Files zhang_junjie_201208_phd.pdf (1.77 MB, Adobe Portable Document Format)