Title page for etd-0719115-145411



URN etd-0719115-145411
Author Wen-Ling Lo
Author's Email Address Not public.
Statistics This thesis has been viewed 5650 times and downloaded 36 times.
Department Information Management
Year 2015
Semester 1
Degree Master
Type of Document
Language zh-TW.Big5 Chinese
Title Botnet Detection Based on HTTP Header Anomaly
Date of Defense 2015-08-04
Page Count 58
Keyword
  • Ant Colony Optimization
  • Behavior of botnets
  • HTTP Header
  • HTTP Botnet
  • DBScan
Abstract Nowadays, botnets use viruses to infect computers all around the world and turn them into bots. By controlling a large number of bots, attackers can do whatever they want. Most botnets receive and send messages through HTTP or P2P channels. Whichever kind of botnet they are, the technology and number of botnets have kept rising in recent years.
    In this paper, our target is to find the connections between bots and the C&C server over HTTP. We analyze the behavior and signature of the traffic in which one computer connects to one server through HTTP, and detect the malicious connections.
    In the study, we analyze the traffic in the following steps. First, we use DBSCAN to analyze the behavior of the traffic and divide it into 4 classes. Next, we use Ant Colony Optimization to detect whether a connection is suspicious or not. Last, we analyze the HTTP header signature in the traffic. In this study, we can detect botnets with less information but at a faster speed, and get a higher detection rate by analyzing behavior and signature at the same time.
Advisory Committee
  • Gu-Hsin Lai - chair
  • D. J. Guan - co-chair
  • Chun-I Fan - co-chair
  • Chia-Mai Chen - advisor
Files
  • etd-0719115-145411.pdf
  • Indicated access: in-campus at 5 years and off-campus at 5 years.
Date of Submission 2015-08-25
