SCAP : A P2P Botnet Detection System by Analyzing Composite Traffic Characteristic

• Main Authors: Jia-Siang Ye, 葉佳祥
• Other Authors: none
• Format: Others
• Language: en_US
• Published: 2016
• Online Access: http://ndltd.ncl.edu.tw/handle/ug9sfz

碩士 === 國立臺灣科技大學 === 資訊工程系 === 104 === During the last two decades, P2P botnets have severe security threat to the contemporary information networks. Usually attackers first distribute malware to control the victim’s host and then use the host as a springboard to launch attack on the specific targets. Because the botnets become smarter than ever to avoid security detection,many researches on both centralized and decentralized botnets regarding security detection have been reported. Among them, some researchers focused on the conversation-based detection. However, the problem of composite traffic occurs frequently in these researches. In our study, we do not use ”conversation” to detect botnet but use ”payload conversation”. With the characteristic of ”payload conversation”, our system can tackle with the composite traffic problems. We then propose a new algorithm called ”Spatial Clustering of Applications without Parameter” (SCAP) to classify the traffic problems. SCAP is a nonparametric algorithm which is an improved version of K-means. SCAP can automatically cluster training data without setting any parameters. With this advantage, our system can deal with the traffic problemsin different P2P applications.