• Login
    View Item 
    •   etd@IISc
    • Division of Interdisciplinary Research
    • Supercomputer Education and Research Centre (SERC)
    • View Item
    •   etd@IISc
    • Division of Interdisciplinary Research
    • Supercomputer Education and Research Centre (SERC)
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Fast Identification of Structured P2P Botnets Using Community Detection Algorithms

    View/Open
    G25890.pdf (1.921Mb)
    Date
    2018-05-01
    Author
    Venkatesh, Bharath
    Metadata
    Show full item record
    Abstract
    Botnets are a global problem, and effective botnet detection requires cooperation of large Internet Service Providers, allowing near global visibility of traffic that can be exploited to detect them. The global visibility comes with huge challenges, especially in the amount of data that has to be analysed. To handle such large volumes of data, a robust and effective detection method is the need of the hour and it must rely primarily on a reduced or abstracted form of data such as a graph of hosts, with the presence of an edge between two hosts if there is any data communication between them. Such an abstraction would be easy to construct and store, as very little of the packet needs to be looked at. Structured P2P command and control have been shown to be robust against targeted and random node failures, thus are ideal mechanisms for botmasters to organize and command their botnets effectively. Thus this thesis develops a scalable, efficient and robust algorithm for the detection of structured P2P botnets in large traffic graphs. It draws from the advances in the state of the art in Community Detection, which aim to partition a graph into dense communities. Popular Community Detection Algorithms with low theoretical time complexities such as Label Propagation, Infomap and Louvain Method have been implemented and compared on large LFR benchmark graphs to study their efficiency. Louvain method is found to be capable of handling graphs of millions of vertices and billions of edges. This thesis analyses the performance of this method with two objective functions, Modularity and Stability and found that neither of them are robust and general. In order to overcome the limitations of these objective functions, a third objective function proposed in the literature is considered. This objective function has previously been used in the case of Protein Interaction Networks successfully, and used in this thesis to detect structured P2P botnets for the first time. Further, the differences in the topological properties - assortativity and density, of structured P2P botnet communities and benign communities are discussed. In order to exploit these differences, a novel measure based on mean regular degree is proposed, which captures both the assortativity and the density of a graph and its properties are studied. This thesis proposes a robust and efficient algorithm that combines the use of greedy community detection and community filtering using the proposed measure mean regular degree. The proposed algorithm is tested extensively on a large number of datasets and found to be comparable in performance in most cases to an existing botnet detection algorithm called BotGrep and found to be significantly faster.
    URI
    https://etd.iisc.ac.in/handle/2005/3470
    Collections
    • Supercomputer Education and Research Centre (SERC) [98]

    Related items

    Showing items related by title, author, creator and subject.

    • Optimum Event Detection In Wireless Sensor Networks 

      Karumbu, Premkumar (2013-06-12)
      We investigate sequential event detection problems arising in Wireless Sensor Networks (WSNs). A number of battery–powered sensor nodes of the same sensing modality are deployed in a region of interest(ROI). By an event ...
    • Electrochemical Biosensors based on Novel Receptors for Diabetes Management 

      Kumar, Vinay (2018-01-15)
      To address the challenge of accurate, low cost and robust biosensors for diabetes management and early detection of diabetes complications, we have developed novel, robust sensing chemistry (or receptors) for electrochemical ...
    • Memory Efficient Regular Expression Pattern Matching Architecture For Network Intrusion Detection Systems 

      Kumar, Pawan (2014-06-05)
      The rampant growth of the Internet has been coupled with an equivalent growth in cyber crime over the Internet. With our increased reliance on the Internet for commerce, social networking, information acquisition, and ...

    etd@IISc is a joint service of SERC & J R D Tata Memorial (JRDTML) Library || Powered by DSpace software || DuraSpace
    Contact Us | Send Feedback | Thesis Templates
    Theme by 
    Atmire NV
     

     

    Browse

    All of etd@IIScCommunities & CollectionsTitlesAuthorsAdvisorsSubjectsBy Thesis Submission DateThis CollectionTitlesAuthorsAdvisorsSubjectsBy Thesis Submission Date

    My Account

    LoginRegister

    etd@IISc is a joint service of SERC & J R D Tata Memorial (JRDTML) Library || Powered by DSpace software || DuraSpace
    Contact Us | Send Feedback | Thesis Templates
    Theme by 
    Atmire NV