Botnets analysis and detection methods based on network behavior

dc.contributor.advisor: White, Gregory B.
dc.contributor.author: Al-Bataineh, Areej
dc.contributor.committeeMember: Boppana, Rajendra
dc.contributor.committeeMember: Korkmaz, Turgay
dc.contributor.committeeMember: Tosun, Ali
dc.contributor.committeeMember: Perdisci, Roberto
dc.description: This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.
dc.description.abstract: Botnets, or networks of compromised machines, are considered one of the biggest threats to the security and privacy of users of networked systems. These structures offer anonymous, distributed, and automatic means for cybercrime, such as spamming, denial of service, and identity theft. Recently, the most prevalent type of attack has been information stealing, in which sensitive information with high financial value is the target, such as online banking credentials, credit card numbers, cryptographic certificates, and corporate proprietary information. This dissertation uncovers subtle network behaviors of bots infecting hosts inside an enterprise network, and proposes methods to prevent bots from successfully launching attacks, in particular, spamming and information stealing. These detection methods add to and strengthen network defense-in-depth systems. Different aspects of bots' network behavior are considered depending on the objective of a botnet. For spamming botnets, we discuss spam transmission methods and propose preventative measures to be applied at network routers and email servers. Then, we uncover an array of anomalous DNS behaviors of bots and provide proof-of-concept classification and clustering methods as evidence for the viability of these behaviors in detecting bots. For data-stealing botnets, we present an analysis of an infamous data-stealing botnet, called Zeus, which became a platform for other botnets that appeared later. Next, we propose a classification algorithm to detect bots' data-stealing attempts through the web, and present an evaluation of the proposed classifier's performance.
dc.description.department: Computer Science
dc.format.extent: 100 pages
dc.subject: Intrusion Detection
dc.subject: Network Security
dc.subject.classification: Computer science
dc.title: Botnets analysis and detection methods based on network behavior
dcterms.accessRights: pq_closed
Science of Texas at San Antonio of Philosophy

