Immunology Inspired Detection of Data Theft from Autonomous Network Activity

• Main Author: Cochran, Theodore O.
• Format: Others
• Published: NSUWorks 2015
• Subjects: Information science; Computer science; botnet; classification; detection; exfiltration; immunology; malware; cyber crime; cyber criminals; Computer Sciences; Computer Security; Criminology
• Online Access: http://nsuworks.nova.edu/gscis_etd/42; http://nsuworks.nova.edu/cgi/viewcontent.cgi?article=1041&context=gscis_etd

The threat of data theft posed by self-propagating, remotely controlled bot malware is increasing. Cyber criminals are motivated to steal sensitive data, such as user names, passwords, account numbers, and credit card numbers, because these items can be parlayed into cash. For anonymity and economy of scale, bot networks have become the cyber criminal’s weapon of choice. In 2010 a single botnet included over one million compromised host computers, and one of the largest botnets in 2011 was specifically designed to harvest financial data from its victims. Unfortunately, current intrusion detection methods are unable to effectively detect data extraction techniques employed by bot malware. The research described in this Dissertation Report addresses that problem. This work builds on a foundation of research regarding artificial immune systems (AIS) and botnet activity detection. This work is the first to isolate and assess features derived from human computer interaction in the detection of data theft by bot malware and is the first to report on a novel use of the HTTP protocol by a contemporary variant of the Zeus bot.