Detection Of Botnet Based On Abnormal Dns Traffic

dc.contributor.authorHsasan Abdullah, Awsan Abdulrahman
dc.date.accessioned2016-10-07T07:46:00Z
dc.date.available2016-10-07T07:46:00Z
dc.date.issued2009-06
dc.description.abstractThe immense growth in the network sector has attracted the attackers' community. The attackers are always developing new techniques to assist them compromise a large number of computers around the world. Botnet is an example of such technique. Botnet is a group of Bots running on a compromised network and hosts which are controlled remotely by the botmaster via a Command and Control (C&C) server. Botnet is used to perform many malicious activities such as Spam and DDoS attacks. The Botnet is considered as a major part of Internet due to its fast increasing mechanism. Recently, Botnets have utilized the DNS and query DNS server just like any legitimate hosts. In this case, it is difficult to distinguish between the legitimate DNS traffic and illegitimate DNS traffic. It is important to build a suitable solution for Botnet detection in the DNS traffic and consequently protect the network from the malicious Botnets activities. In this research, a simple mechanism is proposed and is called Botnet Detection Mechanism (BDM). BDM monitors the DNS traffic and detects the abnormal DNS traffic issued by the Botnet activity based on the Botnet behaviors particularly the appearance of Botnet as a group in a periodic manner. The BDM is able to classify the DNS traffic requested by group of hosts (group behavior) and single hosts (individual behavior), consequently detect the abnormal domain name issued by the malicious Botnets. Finally, the experimental results proved that the BDM is able to classify DNS traffic, and efficiently detects the Botnet activity with average detection rate of 89%. This proves that BDM is more robust than previous approaches of Botnet detection.en_US
dc.identifier.urihttp://hdl.handle.net/123456789/2696
dc.subjectBotnet is a group of Bots runningen_US
dc.subjectcontrolled remotely by the botmasteren_US
dc.titleDetection Of Botnet Based On Abnormal Dns Trafficen_US
dc.typeThesisen_US
Files
License bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
1.71 KB
Format:
Item-specific license agreed upon to submission
Description: