Unsupervised Learning: Using Clustering Algorithms to Detect Peer to Peer Botnet Flows

Bibliographic Details
Main Authors: Andrea Medina, 安卓雅
Other Authors: Sun, Hung Min
Format: Others
Language: en_US
Published: 2015
Online Access: http://ndltd.ncl.edu.tw/handle/75exp7
Description
Summary: Master's thesis, National Tsing Hua University (國立清華大學), Institute of Information Systems and Applications (資訊系統與應用研究所), academic year 103. The war against botnet infection is fought every day by ordinary users and enterprises who want to be safe from any threat posed by compromised hosts. As these threats continue to grow enormously, attackers keep creating new methods to prey on vulnerable users and their devices. It is necessary to pay close attention to what leaves a network and to analyze the impact a single infected network flow may have on the entire network. This thesis focuses on the behavior of a particular kind of botnet, peer-to-peer (P2P), which along with hybrid botnets is a growing trend among attackers, who extensively and exhaustively search for new ways to bypass every security barrier by any means possible. The main approach consists of a behavioral comparison of features extracted from network flows, focusing only on flows from P2P applications, including P2P botnets. We assess the potential of unsupervised learning against P2P botnets, because this type of learning has proved to work better when the classification labels are unknown. Packets from common P2P applications, combined with malicious flows from known P2P botnets such as Zeus and Waledac, are analyzed and tested. The clustering algorithms are then compared to determine which, in terms of accuracy, is the best fit for identifying different types of P2P applications, including botnet-infected network flows.