This thesis explores possible approaches to detecting robotic activity of botnets on network. Initially, the detection based on full packet analysis in consideration of DNS, HTTP and IRC communication, is described. However, this detection is found inapplicable for technical and ethical reasons. Then it focuses on the analysis based on network flow metadata, compiling them to be processable in machine learning. It creates detection models using different machine learning methods, to compare them with each other. Bayes net method is found to be acceptable for detecting robotic activity of botnets. The Bayesian model is only able to identify the botnet that already executes the commands sent by its C&C server. "Sleeping" botnets are not reliably detectable by this model.
| Identifer | oai:union.ndltd.org:nusl.cz/oai:invenio.nusl.cz:262021 |
| Date | January 2016 |
| Creators | Prajer, Richard |
| Contributors | Palovský, Radomír, Pavlíček, Luboš |
| Publisher | Vysoká škola ekonomická v Praze |
| Source Sets | Czech ETDs |
| Language | Czech |
| Detected Language | English |
| Type | info:eu-repo/semantics/masterThesis |
| Rights | info:eu-repo/semantics/restrictedAccess |
Page generated in 0.0021 seconds