A Botnet Detection System Based on Signal Processing Technique and Dynamic Time Warping Algorithm


Bibliographic Details
Main Authors: Hu, Chiao-Feng, 胡喬峰
Other Authors: Tzeng, Wen-Guey
Format: Others
Language: zh-TW
Published: 2017
Online Access: http://ndltd.ncl.edu.tw/handle/7b7p83
Description
Summary: Master's === National Chiao Tung University === Institute of Network Engineering === 105 === With the rapid development of network technology, network security has become a very important issue. Botnets have posed a great threat to cybersecurity in recent years, and there have been many botnet detection studies in the past decade. However, many of these studies rely on the packet size in a flow or the duration of a flow as features to distinguish whether a flow is botnet C&C communication. An attacker may easily evade these flow-based detection methods by changing the port, the protocol, or even the packet size. Hence, in this paper, we propose a conversation-based botnet detection system that uses signal processing techniques and the dynamic time warping algorithm. In the system, packets are aggregated into conversations according to the source IP address and destination IP address. In this way, the port number and protocol have no effect. In addition, we calculate 6 new features based on the Discrete Fourier Transform to view a conversation in the frequency domain. Finally, another 3K new features are calculated using the dynamic time warping algorithm. With these 6+3K features, we can improve on the accuracy of methods that use the commonly used features of the past.