Deanship of Graduate Studies
Document Details
Document Type: Thesis
Document Title: GENERAL BOTNET DETECTION BASED ON NETWORK AND HOST ANALYSIS
Document Title (translated from Arabic): Botnet detection based on analysis of information in the network and on the user's machine
Subject: FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY
Document Language: Arabic
Abstract:
One of the most serious cyber-security threats is the botnet. The bot runs in the background of the compromised machine and maintains communication with the C&C server to receive malicious commands. Malicious activity is executed without the knowledge of the owner of the compromised computer. The botnet master uses the botnet to launch dangerous attacks such as Distributed Denial of Service (DDoS), phishing, data stealing, click fraud and spamming. A botnet is usually very large, and millions of infected hosts may belong to it. This thesis addresses the problem of detecting botnet flow records within Netflow traces and botnet activities in the host. We propose a general technique that is capable of detecting a new botnet in its early stages. Our technique can be implemented at three levels: the host level, the network level, or a combination of both. The botnet communication traffic we are interested in includes HTTP, P2P, IRC and DNS using IP fluxing. The proposed technique has been evaluated with a collection of real malicious and legitimate datasets. The HANABot algorithm is proposed to preprocess the data and extract features that differentiate botnet behavior from legitimate behavior. The results of our experiment show a high level of accuracy and a low positive rate. Furthermore, a comparison with some existing approaches is given, focusing on specific features and performance. The proposed technique outperforms some of the presented approaches in terms of accurately detecting botnet flow records within Netflow traces.
Supervisor: Dr. Saoucene Alaye Mahfoudh
Thesis Type: Master Thesis
Publishing Year: 1437 AH (2016 AD)
Added Date: Monday, July 25, 2016
Researchers
Researcher Name (Arabic): سوزان بندر المطيري
Researcher Name (English): Al Mutairi, Suzan Bandar
Researcher Type: Researcher
Dr Grade: Master
Files
File Name: 39320.pdf
Type: pdf