Characterizing Botnet In P2P Network For UDP Protocol
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: | 2011 |
Subjects: | |
Online Access: | http://eprints.utem.edu.my/id/eprint/7072/1/Characterizing_Botnet_In_P2P_Network_For_UDP_Protocol_Full_Text.pdf http://eprints.utem.edu.my/id/eprint/7072/2/Characterizing_Botnet_In_P2P_Network_For_UDP_Protocol_24_Pages.pdf http://eprints.utem.edu.my/id/eprint/7072/ http://library.utem.edu.my:8000/elmu/index.jsp?module=webopac-d&action=graphicFullDisplayRetriever.jsp&szMaterialNo=0000070839 |
Institution: | Universiti Teknikal Malaysia Melaka |
Summary: | In modern society, an extensive range of business, infrastructure, and human needs, such as
communications, utilities, banks, and leisure services, are now provided by systems that rely on
the secure and efficient operation of computer networks. As networks increase in size and
complexity, a thorough understanding of their behaviour is crucial to protect them from security
threats. One of the threats to networks today is the botnet. This study characterizes
botnets in computer networks. At the beginning of the study, botnet
architecture, behaviour, topology and mechanism are discussed. To analyze the characteristics,
behaviour or patterns of a botnet based on network traffic, proper network analysis
tools are needed. Several network analysis tools available today are used for the analysis
of the network traffic. In the analysis phase, botnet detection strategies based on the
signature and DNS anomaly approaches are selected to identify the behaviour and
characteristics of the botnet. In the anomaly approach, most of the behavioural and characteristic
identification of the botnet is done by comparing normal and abnormal traffic.
The main focus of the network analysis is UDP protocol network traffic. Based on
the analysis of the network traffic, the following anomalies are identified: abnormal DNS
packet requests, the NetBIOS attack, abnormal DNS MX queries, DNS amplification attack and
UDP flood attack. During the analysis, the irregularity of the network traffic
behaviour shows that the characteristics of a botnet exist in the network. The identified
characteristics of the botnet can be used for future detection tools and mitigation of the botnet. |
---|