URN: etd-0719112-214243
Statistics: This thesis has been viewed 1918 times and downloaded 1017 times.
Author: Zong-Cyuan Jhang
Author's Email Address: Not public
Department: Information Management
Year: 2011
Semester: 2
Degree: Master
Type of Document: Master's Thesis
Language: zh-TW.Big5 Chinese
Page Count: 69
Title: An Network Behavior-Based Botnet Detection Mechanism Using PSO and K-means
Keywords: K-means, Network Traffic Analysis, Botnet, PSO

Abstract:
Botnets have become one of the greatest threats to network security. Attackers can use a botnet to launch distributed denial-of-service (DDoS) attacks that paralyze important websites, steal confidential data from infected computers, run phishing attacks to steal sensitive information such as accounts and passwords, send bulk email advertising, or conduct click fraud. Even though detection technology has improved and some solutions to Internet security have been proposed, the botnet threat still exists. Most previous studies detected botnets by analyzing packet contents or the features of network flows. However, problems with packet encryption and privacy remain, and botnets can easily change packet contents and flow features to evade the detection system. This study proposes a solution to those problems and develops a botnet detection mechanism step by step. First, three important network behaviors are defined by reviewing the related literature and analyzing the network activities of infected computers: long communication behavior (ActBehavior), connection failure behavior (FailBehavior), and network scanning behavior (ScanBehavior). Second, the features of these network behaviors are extracted from the network-layer and transport-layer flow records in the network equipment. Finally, Particle Swarm Optimization (PSO) and the K-means algorithm are used to detect the botnet members in the organization's network. This study uses a campus network as a case study. The experimental results show that this mechanism can find the botnet members on an organization's network even when packets are encrypted or flow features are changed, and can find them before other information security systems detect them. Moreover, the mechanism is simple to implement and can also be used in student dormitory networks, home networks, and mobile 3G networks.

Advisory Committee:
Shing-Han Li - advisor
none - co-chair
Yu-cheng Kao - co-chair

Date of Defense: 2012-07-17
Date of Submission: 2012-07-19