
Title page for etd-0719112-214243


URN etd-0719112-214243 Statistics This thesis has been viewed 1792 times and downloaded 1017 times.
Author Zong-Cyuan Jhang
Author's Email Address No Public.
Department Information Management
Year 2011 Semester 2
Degree Master Type of Document Master's Thesis
Language zh-TW.Big5 Chinese Page Count 69
Title An Network Behavior-Based Botnet Detection Mechanism Using PSO and K-means
Keyword
  • K-means
  • Network Traffic Analysis
  • Botnet
  • PSO
  • Abstract Botnets have become one of the greatest threats to network security. Attackers can use a botnet to launch distributed denial-of-service (DDoS) attacks that paralyze important websites, steal confidential data from infected computers, run phishing attacks to steal sensitive information such as accounts and passwords, send bulk email advertising, or conduct click fraud. Although detection technology has improved and some Internet security solutions have been proposed, the botnet threat still exists. Most previous studies detect botnets by analyzing packet contents or the features of network flows. However, there are still problems with packet encryption and privacy; that is, a botnet can easily change its packet contents and flow features to avoid the detection system. This study proposes a solution to those problems and develops a botnet detection mechanism step by step. First, three important network behaviors are defined by reviewing the related literature and analyzing the network activities of infected computers: long communication behavior (ActBehavior), connection failure behavior (FailBehavior), and network scanning behavior (ScanBehavior). Second, the features of these network behaviors are extracted from the network-layer and transport-layer flow records in the network equipment. Finally, Particle Swarm Optimization (PSO) and the K-means algorithm are used to detect botnet members in the organization's network. This study uses a campus network as a case study. The experimental results show that the mechanism can find botnet members on an organization's network even when packets are encrypted or flow features have been changed, and can find them before other information security systems detect them. Moreover, the mechanism is simple to implement and can also be used in student dormitory networks, home networks, and mobile 3G networks.
    Advisor Committee
  • Shing-Han Li - advisor
  • none - co-chair
  • Yu-cheng Kao - co-chair
  • Files indicate in-campus access immediately and off-campus access at one year
    Date of Defense 2012-07-17 Date of Submission 2012-07-19

