Exploring Global Botnet Patterns based on Honeypot Log Similarity

  • 江 啟賓

Student thesis: Doctoral Thesis

Abstract

Botnet activity continues to grow at an alarming rate and poses a major threat to the security of networked systems around the world. Botnet malfeasance, such as credit card theft or DDoS, is quite devastating, so it is important to understand botnet behavior, topology, and structure. Hence, we propose a new ontology and a set of inference rules to facilitate the automatic identification of the botnet topology by means of a machine learning algorithm. The results presented in this dissertation indicate that the proposed methodology provides a viable means of determining botnet topology with low inference time and a high degree of accuracy compared to previous research works. Hackers have increasingly used fast-flux techniques to extend the lifetime of malware networks in order to conduct various Advanced Persistent Threat (APT) activities. Such activities typically target nations and/or organizations for business or political motives and have the potential to cause immense disruption. Thus, it is essential to study the fast-flux service network and find possible attack behaviors. With honeypot logs and association rule mining, the proposed mechanism can reduce human effort, and the entire system can operate automatically. The results of our experiments indicate that the prediction system is workable for protecting assets from attacks or misuse.
Date of Award: 2016 Jul 18
Original language: English
Supervisor: Jung-Shian Li (Supervisor)
