The Detection of Botnet Threats Using Netflow and Network Raw Traffic

Purba, Anton and Lukas, Lukas and Lim, Charles (2018) The Detection of Botnet Threats Using Netflow and Network Raw Traffic. Masters thesis, Swiss German University.


Abstract

Nowadays botnets are used for most cybercrime attacks. After successfully infecting a local machine, a botnet typically runs as a hidden process and uses a masqueraded channel to communicate with its command and control server. HTTP and IRC are common legitimate protocols that attackers use to conceal this communication. This behavior makes the detection of botnet activity a challenging problem. Detecting botnet communication requires detailed network traffic information to analyze. Unfortunately, detecting botnets using raw network traffic is also challenging and needs more resources to process. NetFlow is an option for botnet detection. However, using sampled traffic such as NetFlow data is also a challenge for botnet detection accuracy. Meanwhile, the availability of raw network data is limited compared to NetFlow data, which is widely available. In this work we explore how accurate detection can be using NetFlow. To perform the evaluation, a supervised machine learning algorithm is used, and two types of dataset, NetFlow and raw network traffic, are evaluated. The experiment in this thesis found 99.4% accuracy of botnet detection using NetFlow; therefore, a flow-based detection system is recommended in high-speed bandwidth environments.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Netflow; Botnet; Machine Learning; Malware; C&C
Subjects: H Social Sciences > HV Social pathology. Social and public welfare > HV6773 Computer crimes
Q Science > QA Mathematics > QA76 Computer software >
T Technology > T Technology (General) > T58.5 Information technology
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Astuti Kusumaningrum
Date Deposited: 09 Jul 2020 15:08
Last Modified: 09 Jul 2020 15:08
URI: http://repository.sgu.ac.id/id/eprint/772
