Frequency Analysis to Discover Botnet Beacon Communication Behavior

• Main Authors: Tang-Chen Tu, 涂堂楨
• Other Authors: Chin-Hui Lai
• Format: Others
• Language: zh-TW
• Published: 2019
• Online Access: http://ndltd.ncl.edu.tw/handle/8sg8xx

碩士 === 中原大學 === 資訊管理研究所 === 107 === Botnet threats continue to be a growing priority for organizations of all sizes in recent years. The designed malware of botnet is sophisticated and the corresponding communication behavior is inconspicuous. This paper introduces Visualize Intelligence and Temporal Analysis to network traffic as a framework to identify malware behavior hidden on the Internet. In this research, we condense traffic into a graphic and then utilize machine-learning algorithm to locate the behavior of beacon (BoB), which is a vital indication of auto-communication software. Since the malware within a compromised device will report to Command & Control (C&C) server periodically, the purpose of this research is to collect traffic flow and to discover the BoB by auto-learning algorithms, such as Artificial Neural Network. Our study confirms this framework model has exceptional performance and accuracy, as well as pinpointed the live beacon during investigation. Our study presents an analytical framework which takes into account the various beacons rate during the different time period. Extensive experimental result validates that framework has significant performance.