Botnet anomaly detection by Gateway traffic log


Bibliographic Details
Main Authors: Liu, Dai-Kuei, 劉代奎
Other Authors: Tzeng, Wen-Guey
Format: Others
Language: zh-TW
Published: 2018
Online Access: http://ndltd.ncl.edu.tw/handle/2a8653
id ndltd-TW-107NCTU5392004
record_format oai_dc
spelling ndltd-TW-107NCTU5392004 2019-05-16T01:40:46Z http://ndltd.ncl.edu.tw/handle/2a8653 Botnet anomaly detection by Gateway traffic log 基於 Gateway 的自動化僵屍網路異常行為偵測 (Gateway-based automated detection of anomalous botnet behavior) Liu, Dai-Kuei 劉代奎 Master's, National Chiao Tung University, Program in Computer Science, College of Computer Science, 107 Tzeng, Wen-Guey 曾文貴 2018 thesis 42 zh-TW
collection NDLTD
language zh-TW
format Others
sources NDLTD
description Master's === National Chiao Tung University === Program in Computer Science, College of Computer Science === 107 === The popularity of the internet and of IoT device applications keeps growing. As the number of IoT devices grows extensively and rapidly, so do the security threats from botnets, which have caused considerable economic loss, directly or indirectly, totaling up to trillions of US dollars. A major focus of network security has therefore become how to effectively stop botnet infections, prevent them from spreading, and even raise early alerts. Most currently available botnet detection software relies on the vendor's continuous updates to remain functional, because it mostly depends on a conventional signature database to detect botnets, and it cannot provide any protection for IoT devices. This dissertation therefore proposes a specific network communication approach that routes all traffic through gateways and uses unsupervised learning to detect anomalies in network communications, which bypasses the manual labeling that machine learning conventionally requires. Our experiments found that TCM-KNN can effectively recognize anomalous behavior from all servers on the internet, and that adding a new protocol feature to the process effectively improves its categorization results.
author2 Tzeng, Wen-Guey
author Liu, Dai-Kuei
劉代奎
title Botnet anomaly detection by Gateway traffic log
publishDate 2018
url http://ndltd.ncl.edu.tw/handle/2a8653