Data-driven approaches for peer-to-peer botnet detection and forecasting

Date
2019-01-01
Authors
Piyasinghe, Priyangika
Major Professor
Advisor
Morris J. Chang
Carl K. Chang
Committee Member
Department
Computer Science
Abstract

Peer-to-Peer (P2P) botnets are among the major threats in network security, serving as the infrastructure behind a wide range of cybercrime. Enterprises routinely collect terabytes of security-relevant data. The proposed work exploits such data in a novel Internet-scale P2P botnet detection method that fuses big-data behavioral analytics with graph-theoretic concepts. Beyond detecting botnets in large data sets, the method addresses the challenges posed by botnets with encrypted command-and-control (C&C) channels, stealthy botnets whose malicious activity is hard to observe in network traffic, and botnets with randomized communication patterns.
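The abstract does not spell out how the communication graph is built, so the following is an added example rather than code from the thesis. It shows one plausible graph-based approach that uses flow metadata only (who initiated a connection to whom, and flow sizes), which is why it is unaffected by encrypted C&C payloads: hosts that both initiate and accept connections with several distinct peers are P2P candidates, candidates that talk directly or share contacts are linked, and connected components of that link graph are reported as P2P communities. The flow records, the thresholds (min_out, min_in, min_shared, min_size) and the mutual-contact linking rule are all assumptions for illustration, not the thesis's own algorithm or data.

```python
"""Graph-based P2P community detection over flow records (illustrative, stdlib only).

Assumed approach, not the thesis's own method: P2P peers both initiate and
accept connections, whereas clients only initiate and servers only accept.
"""
from collections import defaultdict, deque
from itertools import combinations
from statistics import mean, pstdev

# Constructed flow records (initiator, responder, bytes); illustrative, not captured data.
# 10.0.0.1-10.0.0.5 form a small P2P overlay exchanging uniform, keepalive-sized flows;
# 10.0.1.x are ordinary clients fetching bulky content from two servers.
SAMPLE_FLOWS = [
    ("10.0.0.1", "10.0.0.2", 310), ("10.0.0.2", "10.0.0.1", 290),
    ("10.0.0.1", "10.0.0.3", 305), ("10.0.0.3", "10.0.0.1", 300),
    ("10.0.0.2", "10.0.0.4", 295), ("10.0.0.4", "10.0.0.2", 310),
    ("10.0.0.3", "10.0.0.5", 300), ("10.0.0.5", "10.0.0.3", 315),
    ("10.0.0.4", "10.0.0.5", 290), ("10.0.0.5", "10.0.0.4", 305),
    ("10.0.0.1", "10.0.0.4", 300), ("10.0.0.4", "10.0.0.1", 295),
    ("10.0.0.2", "10.0.0.5", 300), ("10.0.0.5", "10.0.0.2", 305),
    ("10.0.1.10", "203.0.113.5", 12000), ("10.0.1.11", "203.0.113.5", 8000),
    ("10.0.1.10", "203.0.113.7", 5000), ("10.0.1.12", "203.0.113.7", 7000),
    ("10.0.1.12", "203.0.113.5", 9000),
]


def peer_sets(flows):
    """Per host: the peers it initiated connections to, and the peers that initiated to it."""
    out_peers, in_peers = defaultdict(set), defaultdict(set)
    for src, dst, _ in flows:
        out_peers[src].add(dst)
        in_peers[dst].add(src)
    return out_peers, in_peers


def p2p_candidates(flows, min_out=2, min_in=2):
    """Hosts that both initiate to and accept from several distinct peers (assumed thresholds)."""
    out_peers, in_peers = peer_sets(flows)
    return {h for h in set(out_peers) | set(in_peers)
            if len(out_peers[h]) >= min_out and len(in_peers[h]) >= min_in}


def contact_graph(flows, candidates, min_shared=1):
    """Undirected link between two candidates that communicate directly or share
    at least min_shared other contacts (mutual-contact rule, an assumption here)."""
    contacts = defaultdict(set)
    for src, dst, _ in flows:
        contacts[src].add(dst)
        contacts[dst].add(src)
    links = {h: set() for h in candidates}
    for a, b in combinations(sorted(candidates), 2):
        shared = (contacts[a] & contacts[b]) - {a, b}
        if b in contacts[a] or len(shared) >= min_shared:
            links[a].add(b)
            links[b].add(a)
    return links


def communities(links, min_size=3):
    """Connected components of the link graph (BFS) with at least min_size members."""
    seen, result = set(), []
    for start in sorted(links):
        if start in seen:
            continue
        comp, queue = set(), deque([start])
        while queue:
            h = queue.popleft()
            if h in seen:
                continue
            seen.add(h)
            comp.add(h)
            queue.extend(links[h] - seen)
        if len(comp) >= min_size:
            result.append(sorted(comp))
    return result


def flow_size_cv(flows, host):
    """Coefficient of variation of flow sizes involving host; None with fewer than two flows.
    Low values indicate uniform keepalive-like traffic, high values bulky varied transfers."""
    sizes = [b for s, d, b in flows if host in (s, d)]
    if len(sizes) < 2:
        return None
    return pstdev(sizes) / mean(sizes)


def detect(flows):
    """Report each P2P community with the largest flow-size CV among its members."""
    comms = communities(contact_graph(flows, p2p_candidates(flows)))
    return [{"members": c, "size_cv": round(max(flow_size_cv(flows, h) for h in c), 3)}
            for c in comms]


if __name__ == "__main__":
    for community in detect(SAMPLE_FLOWS):
        print(community)
```

On the constructed sample the five overlay hosts are linked (three of the pairs only through shared contacts) and form one community, while the clients and servers never qualify as candidates. Legitimate P2P applications and hosts behind NAT would pass these structural tests too; separating them from bots is exactly where the behavioral analytics described in the abstract have to do the work, and the thresholds here are toy values rather than tuned ones.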

In a common botnet-assisted attack scenario, the attacker commands a swarm of bot-infected computers to flood a target server with packets, degrading its service until legitimate users can no longer reach it. These attacks, commonly known as Distributed Denial of Service (DDoS) attacks, must be detected accurately and in a timely fashion so that mitigation can begin before the server goes down.

Beyond detecting the threat, an organization needs insight into the targeted attack in order to understand the short- and long-term trends of an ongoing P2P botnet attack. Such insight quantifies attack characteristics such as intensity and the estimated number of compromised machines. The second part of our work applies time series analysis to identify these features and to recognize the current situation as well as forecast similar future ones, so that the threat can be answered appropriately.
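The abstract names the quantities to forecast (intensity and number of compromised machines) but not the model, so the following is an added example and not the thesis's own code or data. It aggregates a constructed flood into per-interval packet rates and distinct-source counts, raises a simple rate-based alert for the DDoS scenario described above, and projects both series forward with Holt's linear (double exponential) smoothing. The packet trace, the smoothing parameters (alpha, beta), the baseline rate and the alert factor are assumptions for illustration; distinct source addresses are only a lower bound on attacking machines, since NAT hides hosts and spoofing inflates them.

```python
"""Per-interval DDoS intensity and source-count forecasting (illustrative, stdlib only).

Assumed model, not the thesis's own: Holt's linear smoothing over bucketed packet data.
"""
from collections import defaultdict


def constructed_packets(interval_s=10, pkts_per_src=20):
    """Constructed flood trace of (timestamp_s, src): the number of distinct sources grows
    each interval as more bots join, and each source sends pkts_per_src packets per interval."""
    sources_per_interval = [5, 8, 12, 15, 21, 24, 30, 33, 39, 42]
    packets = []
    for i, n in enumerate(sources_per_interval):
        for s in range(n):
            src = f"198.51.100.{s + 1}"
            for k in range(pkts_per_src):
                packets.append((i * interval_s + k * interval_s / pkts_per_src, src))
    return packets


def aggregate(packets, interval_s):
    """Bucket packets by interval; returns (packets per interval, distinct sources per interval)."""
    counts, sources = defaultdict(int), defaultdict(set)
    for ts, src in packets:
        bucket = int(ts // interval_s)
        counts[bucket] += 1
        sources[bucket].add(src)
    buckets = range(min(counts), max(counts) + 1)
    return [counts[b] for b in buckets], [len(sources[b]) for b in buckets]


def flood_alert(pps_series, baseline_pps, factor=10):
    """Index of the first interval whose packet rate exceeds factor * baseline, else None."""
    for i, pps in enumerate(pps_series):
        if pps > factor * baseline_pps:
            return i
    return None


def holt_forecast(series, horizon, alpha=0.6, beta=0.3):
    """Holt's linear method: smooth level and trend, then project horizon steps ahead.
    Initialised with level = y0 and trend = y1 - y0; alpha/beta are assumed values."""
    if len(series) < 2:
        raise ValueError("need at least two observations")
    level, trend = series[0], series[1] - series[0]
    for y in series[1:]:
        prev_level = level
        level = alpha * y + (1 - alpha) * (level + trend)
        trend = beta * (level - prev_level) + (1 - beta) * trend
    return [level + h * trend for h in range(1, horizon + 1)]


def attack_outlook(packets, interval_s=10, horizon=3, baseline_pps=1.0):
    """Observed intensity and source counts plus their forecasts for the next intervals."""
    pkts, srcs = aggregate(packets, interval_s)
    observed_pps = [c / interval_s for c in pkts]
    return {
        "alert_interval": flood_alert(observed_pps, baseline_pps),
        "observed_pps": observed_pps,
        "observed_sources": srcs,
        "forecast_pps": [round(v / interval_s, 1) for v in holt_forecast(pkts, horizon)],
        "forecast_sources": [round(v, 1) for v in holt_forecast(srcs, horizon)],
    }


if __name__ == "__main__":
    outlook = attack_outlook(constructed_packets())
    for key, value in outlook.items():
        print(f"{key}: {value}")
```

On the constructed trace the rate alert fires in the second interval, the last observed interval shows 42 sources at 84 packets per second, and the model projects roughly 47, 51 and 55 sources over the next three intervals. Because the forecast is a linear extrapolation of the smoothed trend, it is only meaningful over a short horizon; a real deployment would re-estimate every interval and watch for the trend flattening as the attack saturates.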

Experimental evaluation of both detection and forecasting demonstrates the high accuracy and scalability of the proposed system.

Copyright
2019-12-01