botAnalytics: Improving HTTP-Based Botnet Detection by using network behavior analysis system

Eslahi, Meisam (2011) botAnalytics: Improving HTTP-Based Botnet Detection by using network behavior analysis system. Masters thesis, University of Malaya.

PDF: Meisam Eslahi (WGA070104).pdf (1MB)

Abstract

This thesis reports on the research conducted to develop a method for detecting HTTP-based Botnets based on a Network Behaviour Analysis system. Bots are small pieces of malware that infect computers and join with other bots via the Internet to form a network of bots called a Botnet. Botnets and their bots have a dynamic and flexible nature. The Botmasters, who control the Botnets, update the bots and change their code day by day to avoid traditional detection methods such as signature-based anti-virus. In addition, Botmasters employ many techniques to keep their Botnets undetectable for as long as possible. The latest generation of Botnets is HTTP-based and uses the standard HTTP protocol to communicate with its bots. By using normal HTTP traffic, the bots pass as normal users of the network and can easily bypass current network security systems. To address this problem, a method based on a network behaviour analysis system was developed to improve the existing methods of detecting HTTP-based Botnets and their bots. The system, botAnalytics, was developed by modifying existing network behaviour analysis methods and adding new features to them. The Delphi programming language was used to develop the botAnalytics system, while Microsoft SQL Server 2008 was selected as its database management system. New filters and algorithms were designed and developed to analyse the collected network packets for any evidence of suspicious HTTP-based Botnet activity. In addition to HTTP-based Botnet detection, one of the HTTP header fields, the User-Agent, is used by botAnalytics to assess the level of danger of detected suspicious activities. This is the first reported use of the User-Agent to aid Botnet detection. Based on the results of testing and evaluating botAnalytics, the system was found to be very efficient in detecting HTTP-based Botnets, including small-scale Botnets.
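The abstract describes two ideas but not their concrete filters: correlating HTTP behaviour across hosts on the network and using the User-Agent header to grade the danger of a hit. The block below is an added illustration of that combination, not code from the thesis or the botAnalytics system; the sample request records, the "two or more clients sharing a destination and User-Agent" threshold and the three-level User-Agent danger scale are all constructed assumptions.

```python
# Added example (not from the thesis): a minimal network-behaviour heuristic in
# the spirit of botAnalytics. It groups constructed HTTP request records by
# destination and User-Agent, flags pairs seen from several internal clients,
# and grades each hit by its User-Agent. The thesis' real filters and scoring
# are not given on the page; the thresholds and levels here are assumptions.
from collections import defaultdict

# Constructed sample records: (client_ip, destination_host, user_agent)
SAMPLE_REQUESTS = [
    ("10.0.0.11", "update.example-cdn.net", "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"),
    ("10.0.0.12", "update.example-cdn.net", "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"),
    ("10.0.0.11", "c2.example-bad.net", "bot/1.0"),
    ("10.0.0.12", "c2.example-bad.net", "bot/1.0"),
    ("10.0.0.13", "c2.example-bad.net", "bot/1.0"),
    ("10.0.0.14", "telemetry.example-bad.net", ""),
    ("10.0.0.15", "telemetry.example-bad.net", ""),
    ("10.0.0.16", "news.example.org", "Mozilla/5.0 (X11; Linux) Chrome/12.0"),
]

BROWSER_MARKERS = ("Mozilla/", "Opera/")  # assumption: prefixes of browser UAs
MIN_HOSTS = 2  # assumption: >= 2 clients sharing destination+UA is "coordinated"


def user_agent_danger(ua):
    """Danger level of a User-Agent: 0 browser-like, 1 non-browser, 2 empty."""
    if not ua.strip():
        return 2
    if ua.startswith(BROWSER_MARKERS):
        return 0
    return 1


def find_suspicious(requests, min_hosts=MIN_HOSTS):
    """Map (destination, user_agent) -> (danger, sorted client list) for pairs
    seen from at least min_hosts distinct clients with a non-browser UA."""
    clients = defaultdict(set)
    for client, dest, ua in requests:
        clients[(dest, ua)].add(client)
    result = {}
    for (dest, ua), hosts in clients.items():
        danger = user_agent_danger(ua)
        if danger > 0 and len(hosts) >= min_hosts:
            result[(dest, ua)] = (danger, sorted(hosts))
    return result


if __name__ == "__main__":
    for (dest, ua), (danger, hosts) in sorted(find_suspicious(SAMPLE_REQUESTS).items()):
        print(f"{dest:28} UA={ua!r:10} danger={danger} clients={hosts}")
```

On the constructed sample the browser-like traffic to update.example-cdn.net is ignored while the shared "bot/1.0" and empty User-Agent destinations are reported with danger levels 1 and 2.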

Item Type: Thesis (Masters)
Uncontrolled Keywords: Botnet Detection, botAnalytics, Network behavior, HTTP, HTTP traffic
Subjects: Z Bibliography. Library Science. Information Resources > Z665 Library Science. Information Science
Depositing User: MS NOOR ZAKIRA ZULRIMI
Date Deposited: 19 Jul 2013 07:50
Last Modified: 19 Jul 2013 07:50
URI: http://repository.um.edu.my/id/eprint/616
