A Botnet Detection System Based on Signal Processing Technique and Dynamic Time Warping Algorithm
碩士 === 國立交通大學 === 網路工程研究所 === 105 === With the rapid development of network technology, network security has become a very important issue. Botnet has posed a great threat to cybersecurity in recent years. Therefore, there are a lot of botnet detection studies in decade. However, many of these studi...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Others |
| Language: | zh-TW |
| Published: |
2017
|
| Online Access: | http://ndltd.ncl.edu.tw/handle/7b7p83 |
| id |
ndltd-TW-105NCTU5726032 |
|---|---|
| record_format |
oai_dc |
| spelling |
ndltd-TW-105NCTU57260322019-05-16T00:08:10Z http://ndltd.ncl.edu.tw/handle/7b7p83 A Botnet Detection System Based on Signal Processing Technique and Dynamic Time Warping Algorithm 基於訊號處理技術以及動態時間校正演算法之殭屍網路偵測系統 Hu, Chiao-Feng 胡喬峰 碩士 國立交通大學 網路工程研究所 105 With the rapid development of network technology, network security has become a very important issue. Botnet has posed a great threat to cybersecurity in recent years. Therefore, there are a lot of botnet detection studies in decade. However, many of these studies rely on the packet size in a flow or the duration of a flow as features to distinguish whether a flow is a C&C communication of botnet. The attacker may easily evade these flow-based detection methods by changing the port, protocols or even the packet size. Hence, in this paper, we propose a conversation-based botnet detection system which use signal processing techniques and dynamic time warping algorithm. In the system, the packets will be aggregated into several conversations according to the source IP address and destination IP address. In this way, the port number and protocol will not affect. Besides, we calculate 6 new features based on Discrete Fourier Transform to view a conversation in the frequency domain. Finally, another 3K new features are calculated by using dynamic time warping algorithm. With these 6+3K features, we can improve the accuracy of which use the commonly used features in the past. Tzeng, Wen-Guey 曾文貴 2017 學位論文 ; thesis 50 zh-TW |
| collection |
NDLTD |
| language |
zh-TW |
| format |
Others
|
| sources |
NDLTD |
| description |
碩士 === 國立交通大學 === 網路工程研究所 === 105 === With the rapid development of network technology, network security has become a very important issue. Botnet has posed a great threat to cybersecurity in recent years. Therefore, there are a lot of botnet detection studies in decade. However, many of these studies rely on the packet size in a flow or the duration of a flow as features to distinguish whether a flow is a C&C communication of botnet. The attacker may easily evade these flow-based detection methods by changing the port, protocols or even the packet size.
Hence, in this paper, we propose a conversation-based botnet detection system which use signal processing techniques and dynamic time warping algorithm. In the system, the packets will be aggregated into several conversations according to the source IP address and destination IP address. In this way, the port number and protocol will not affect. Besides, we calculate 6 new features based on Discrete Fourier Transform to view a conversation in the frequency domain. Finally, another 3K new features are calculated by using dynamic time warping algorithm. With these 6+3K features, we can improve the accuracy of which use the commonly used features in the past.
|
| author2 |
Tzeng, Wen-Guey |
| author_facet |
Tzeng, Wen-Guey Hu, Chiao-Feng 胡喬峰 |
| author |
Hu, Chiao-Feng 胡喬峰 |
| spellingShingle |
Hu, Chiao-Feng 胡喬峰 A Botnet Detection System Based on Signal Processing Technique and Dynamic Time Warping Algorithm |
| author_sort |
Hu, Chiao-Feng |
| title |
A Botnet Detection System Based on Signal Processing Technique and Dynamic Time Warping Algorithm |
| title_short |
A Botnet Detection System Based on Signal Processing Technique and Dynamic Time Warping Algorithm |
| title_full |
A Botnet Detection System Based on Signal Processing Technique and Dynamic Time Warping Algorithm |
| title_fullStr |
A Botnet Detection System Based on Signal Processing Technique and Dynamic Time Warping Algorithm |
| title_full_unstemmed |
A Botnet Detection System Based on Signal Processing Technique and Dynamic Time Warping Algorithm |
| title_sort |
botnet detection system based on signal processing technique and dynamic time warping algorithm |
| publishDate |
2017 |
| url |
http://ndltd.ncl.edu.tw/handle/7b7p83 |
| work_keys_str_mv |
AT huchiaofeng abotnetdetectionsystembasedonsignalprocessingtechniqueanddynamictimewarpingalgorithm AT húqiáofēng abotnetdetectionsystembasedonsignalprocessingtechniqueanddynamictimewarpingalgorithm AT huchiaofeng jīyúxùnhàochùlǐjìshùyǐjídòngtàishíjiānxiàozhèngyǎnsuànfǎzhījiāngshīwǎnglùzhēncèxìtǒng AT húqiáofēng jīyúxùnhàochùlǐjìshùyǐjídòngtàishíjiānxiàozhèngyǎnsuànfǎzhījiāngshīwǎnglùzhēncèxìtǒng AT huchiaofeng botnetdetectionsystembasedonsignalprocessingtechniqueanddynamictimewarpingalgorithm AT húqiáofēng botnetdetectionsystembasedonsignalprocessingtechniqueanddynamictimewarpingalgorithm |
| _version_ |
1719161512741830656 |