Botnet Detection with Event-Driven Analysis

• Due to the huge impact on businesses, botnets are recognized as one of the most serious security threats. Malicious entities use various techniques to conceal and keep themselves undetected durin the proliferation of malware from computer to computer. Detection of a botnet is commonly performed in two ways either by using antivirus software or by analysing logged network data. However antivirus software usually detects malware that is already known and has been analysed, which is a main drawback of such approach due to the constant evolving of malware. The approach of analysis of logged network data do not reveals botnet activities and requires knowledge about botnets and type of data to look for within the collected log. Thus, the significant information can be overlooked and missed. In this paper, we propose event-driven log analysis software that enables detection of botnet activities and indicates whether the end-users machines have become a member of a botnet. Moreover, to optimize software functionality we performed an experiment that demonstrates how botnet communicates between itself and the command and control. Experiment along with the result is presented in this research.

Ämnesord

NATURVETENSKAP  -- Data- och informationsvetenskap -- Systemvetenskap, informationssystem och informatik (hsv//swe)

NATURAL SCIENCES  -- Computer and Information Sciences -- Information Systems (hsv//eng)

Nyckelord

Log analysis

botnet

firewall log

network analysis

Computer and Systems Sciences

data- och systemvetenskap

Publikations- och innehållstyp

ref (ämneskategori)

art (ämneskategori)