Degree: Master's | Institution: National Cheng Kung University (國立成功大學) | Department: Institute of Computer and Communication Engineering (電腦與通信工程研究所) | Year: 106

Summary: Preventing botnets is crucial for maintaining cybersecurity. Although many detection tools exist for this purpose, most of them rely on batch processing systems. For example, our previous work, BotCluster, uses a batch processing system to detect P2P botnets. A batch system like BotCluster must accumulate enough data in advance before its grouping algorithm can perform a complete detection, so the time to detection (TTD), measured from the generation of the data to its analysis, is very long. For fast-spreading botnets, reducing the TTD can significantly reduce the damage they cause.

In this research, we use the malicious network-behavior characteristics of results previously detected by BotCluster to quickly detect botnet activity in newly arriving NetFlow data. Furthermore, this quick detection runs on a stream processing platform so that input data are processed promptly. Finally, the quick detection reaches 90% precision and reduces the TTD from 24 hours to 2 hours.
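To make the TTD argument concrete, here is an added illustration in Python; it is not code from the thesis or from BotCluster. It assumes, as a simplification the abstract does not spell out, that the "characteristics" reused from a batch result are the peer endpoints (destination IP, port, protocol) a detected group contacted, and it contrasts the TTD of a record judged on arrival against one that waits for a 24-hour batch window. All addresses, flows and arrival times are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed stand-in for a batch (BotCluster-style) result: the peer endpoints a
# previously detected group contacted. Hypothetical documentation addresses only.
KNOWN_BAD_PEERS = {
    ("203.0.113.7", 6881, "udp"),
    ("198.51.100.23", 6881, "udp"),
    ("192.0.2.45", 16464, "tcp"),
}

@dataclass(frozen=True)
class NetFlow:
    first_seen: datetime  # time the exporter generated the flow record
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str

def matches_profile(flow, profile=KNOWN_BAD_PEERS):
    """Assumed quick check: the flow reuses a peer endpoint from the batch result."""
    return (flow.dst_ip, flow.dst_port, flow.proto) in profile

def quick_detect(flows, arrival_times, profile=KNOWN_BAD_PEERS):
    """Streaming pass: judge each record as it arrives. Returns [(src_ip, ttd)]
    with ttd = arrival at the stream platform minus the record's generation time."""
    alerts = []
    for flow, arrived_at in zip(flows, arrival_times):
        if matches_profile(flow, profile):
            alerts.append((flow.src_ip, arrived_at - flow.first_seen))
    return alerts

def batch_ttd(flows, window=timedelta(hours=24)):
    """Batch pass: nothing is analysed until a whole window has accumulated, so a
    record's TTD runs from its generation to the end of the window."""
    window_end = min(f.first_seen for f in flows) + window
    return {f.src_ip: window_end - f.first_seen for f in flows}

# Constructed sample stream: two hosts talking to known peers, one benign HTTPS flow.
T0 = datetime(2024, 1, 1, 0, 0)
SAMPLE_FLOWS = [
    NetFlow(T0, "10.0.0.5", "203.0.113.7", 6881, "udp"),
    NetFlow(T0 + timedelta(minutes=30), "10.0.0.9", "198.51.100.80", 443, "tcp"),
    NetFlow(T0 + timedelta(hours=1), "10.0.0.7", "192.0.2.45", 16464, "tcp"),
]
# Constructed arrival times: each record reaches the platform 5 minutes after export.
SAMPLE_ARRIVALS = [f.first_seen + timedelta(minutes=5) for f in SAMPLE_FLOWS]
```

Running `quick_detect(SAMPLE_FLOWS, SAMPLE_ARRIVALS)` flags the two hosts within minutes of their flows being exported, whereas `batch_ttd(SAMPLE_FLOWS)` shows the same records waiting up to the full window before any analysis happens.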