Search: onr:"swepub:oai:DiVA.org:su-114698" >
Botnet Detection wi...
Abstract
- Due to their huge impact on businesses, botnets are recognized as one of the most serious security threats. Malicious entities use various techniques to conceal themselves and remain undetected during the proliferation of malware from computer to computer. Detection of a botnet is commonly performed in two ways: either by using antivirus software or by analysing logged network data. However, antivirus software usually detects only malware that is already known and has been analysed, which is a main drawback of this approach given the constant evolution of malware. The analysis of logged network data does not reveal botnet activities and requires knowledge about botnets and the type of data to look for within the collected log. Thus, significant information can be overlooked and missed. In this paper, we propose event-driven log analysis software that enables detection of botnet activities and indicates whether end users' machines have become members of a botnet. Moreover, to optimize the software's functionality, we performed an experiment that demonstrates how a botnet communicates internally and with its command and control. The experiment, along with its result, is presented in this research.
Subject headings
- NATURAL SCIENCES -- Computer and Information Sciences -- Systems Science, Information Systems and Informatics (hsv//swe)
- NATURAL SCIENCES -- Computer and Information Sciences -- Information Systems (hsv//eng)
Keywords
- Log analysis
- botnet
- firewall log
- network analysis
- Computer and Systems Sciences
Publication and content type
- ref (subject category)
- art (subject category)