Layered Botnet Detection Framework Based On Signal Processing And Discrete Time Analysis
A massive volume of online financial transactions and sensitive information is exchanged over the Internet. This has shifted the focus of cyber attackers from curiosity to financial gain. Attackers use different malware to achieve their goals. Among the various forms of malware; the botnet is...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2012
|
| Subjects: | |
| Online Access: | http://eprints.usm.my/45258/1/Loai%20Kayed%20Hassan%20Bani%20Melhim24.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-usm-ep.45258 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-usm-ep.452582019-08-22T08:24:09Z Layered Botnet Detection Framework Based On Signal Processing And Discrete Time Analysis 2012-09 Melhim, Loai Kayed Hassan Bani QA75.5-76.95 Electronic computers. Computer science A massive volume of online financial transactions and sensitive information is exchanged over the Internet. This has shifted the focus of cyber attackers from curiosity to financial gain. Attackers use different malware to achieve their goals. Among the various forms of malware; the botnet is considered as the worst, because of its vast computing power, ability to control many machines and its significant threat to the Internet users. This thesis presents a new approach in the area of botnet detection. It introduces a framework called Layered Botnet Detection Framework (LBDF) that can detect botnet members efficiently. This framework works in the frequency domain rather than in the time domain. LBDF is equipped with a ‘malicious-scanning’ detection algorithm. The LBDF algorithm uses SYN, ACK (SNAK) rules to reduce the volume of network captured traffic and to convert the reduced traffic into discrete time sequences. Then LBDF applies both a periodogram and circular autocorrelation function to these sequences to detect any hidden periodicities. If periodic behavior were detected, the frequency of the sequence and the IP address of the monitored computer will be recorded. Thus the IP address of PCs with periodic behavior will be saved in a database and labeled as suspicious. If any of the suspicious machines performs a malicious-scanning action, it will be declared as a bot. Bots that have similar features are grouped together as members of the same botnet. 2012-09 Thesis http://eprints.usm.my/45258/ http://eprints.usm.my/45258/1/Loai%20Kayed%20Hassan%20Bani%20Melhim24.pdf application/pdf en public phd doctoral Universiti Sains Malaysia Pusat Pengajian Sains Komputer |
| institution |
Universiti Sains Malaysia |
| collection |
USM Institutional Repository |
| language |
English |
| topic |
QA75.5-76.95 Electronic computers Computer science |
| spellingShingle |
QA75.5-76.95 Electronic computers Computer science Melhim, Loai Kayed Hassan Bani Layered Botnet Detection Framework Based On Signal Processing And Discrete Time Analysis |
| description |
A massive volume of online financial transactions and sensitive information is
exchanged over the Internet. This has shifted the focus of cyber attackers from
curiosity to financial gain. Attackers use different malware to achieve their goals.
Among the various forms of malware; the botnet is considered as the worst, because
of its vast computing power, ability to control many machines and its significant
threat to the Internet users.
This thesis presents a new approach in the area of botnet detection. It introduces a
framework called Layered Botnet Detection Framework (LBDF) that can detect
botnet members efficiently. This framework works in the frequency domain rather
than in the time domain. LBDF is equipped with a ‘malicious-scanning’ detection
algorithm. The LBDF algorithm uses SYN, ACK (SNAK) rules to reduce the volume
of network captured traffic and to convert the reduced traffic into discrete time
sequences. Then LBDF applies both a periodogram and circular autocorrelation
function to these sequences to detect any hidden periodicities. If periodic behavior
were detected, the frequency of the sequence and the IP address of the monitored
computer will be recorded. Thus the IP address of PCs with periodic behavior will be
saved in a database and labeled as suspicious. If any of the suspicious machines
performs a malicious-scanning action, it will be declared as a bot. Bots that have
similar features are grouped together as members of the same botnet. |
| format |
Thesis |
| qualification_name |
Doctor of Philosophy (PhD.) |
| qualification_level |
Doctorate |
| author |
Melhim, Loai Kayed Hassan Bani |
| author_facet |
Melhim, Loai Kayed Hassan Bani |
| author_sort |
Melhim, Loai Kayed Hassan Bani |
| title |
Layered Botnet Detection Framework Based On Signal
Processing And Discrete Time Analysis |
| title_short |
Layered Botnet Detection Framework Based On Signal
Processing And Discrete Time Analysis |
| title_full |
Layered Botnet Detection Framework Based On Signal
Processing And Discrete Time Analysis |
| title_fullStr |
Layered Botnet Detection Framework Based On Signal
Processing And Discrete Time Analysis |
| title_full_unstemmed |
Layered Botnet Detection Framework Based On Signal
Processing And Discrete Time Analysis |
| title_sort |
layered botnet detection framework based on signal
processing and discrete time analysis |
| granting_institution |
Universiti Sains Malaysia |
| granting_department |
Pusat Pengajian Sains Komputer |
| publishDate |
2012 |
| url |
http://eprints.usm.my/45258/1/Loai%20Kayed%20Hassan%20Bani%20Melhim24.pdf |
| _version_ |
1747821478618857472 |