Document Details

Document Type : Thesis 
Document Title :
GENERAL BOTNET DETECTION BASED ON NETWORK AND HOST ANALYSIS
كشف البوت نت على أساس تحليل المعلومات في الشبكة و جهاز المستخدم
 
Subject : FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY 
Document Language : Arabic 
Abstract : One of the most serious cyber-security threats is the botnet. The botnet runs in the background of the compromised machine and maintains communication with the C&C server to receive malicious commands. Malicious activity is executed without the knowledge of the owner of the compromised computer. The botnet master uses the botnet to launch dangerous attacks such as Distributed Denial of Service (DDoS), phishing, data stealing, click fraud and spamming. The size of the botnet is usually very large and millions of infected hosts may belong to it. This thesis addresses the problem of detecting botnet flow records within Netflow traces and activities in the host. We propose a general technique that is capable of detecting a new botnet in early stages. Our technique can be implemented at three levels: the host level, the network level or a combination of both. The botnet communication traffic we are interested in includes HTTP, P2P, IRC and DNS using IP fluxing. The proposed technique has been evaluated with a collection of real malicious and legitimate datasets. The HANABot algorithm is proposed to preprocess and extract features to differentiate the botnet behavior from the legitimate behavior. The results of our experiment show a high level of accuracy and a low positive rate. Furthermore, a comparison between some existing approaches was given, focusing on specific features and performance. The proposed technique outperforms some of the presented approaches in terms of accurately detecting botnet flow records within Netflow traces.
Supervisor : Dr. Saoucene Alaye Mahfoudh 
Thesis Type : Master Thesis 
Publishing Year : 1437 AH / 2016 AD
 
Added Date : Monday, July 25, 2016 

Researchers

Researcher Name (Arabic) : سوزان بندر المطيري
Researcher Name (English) : Al Mutairi, Suzan Bandar
Researcher Type : Researcher
Dr Grade : Master
Email :

Files

File Name : 39320.pdf
Type : pdf
Description :
