Title page for etd-0906112-214543



URN etd-0906112-214543
Author Peng Yu Yang
Author's Email Address Not public.
Statistics This thesis has been viewed 5370 times and downloaded 434 times.
Department Information Management
Year 2011
Semester 2
Degree Master
Type of Document
Language zh-TW.Big5 Chinese
Title Detecting Botnet-based Joint Attacks by Hidden Markov Model
Date of Defense 2012-07-26
Page Count 61
Keyword
  • Intrusion Detection System
  • Botnet
  • Hidden Markov Chain
Abstract We present a new detection model that monitors the network perimeter and host logs to counter a new attack method in which different source hosts take part in a single attack sequence. This attack sequence, which we call “Scout and Intruder”, involves two separate hosts. The scout scans and evaluates the target area to find possible victims and their vulnerabilities, and the intruder launches a precision strike with login activity that looks the same as that of authorized users. By launching the scout and assassin attack, the attacker can access the system without being detected by network and system intrusion detection systems. To detect the Scout and Intruder attack, we correlate NetFlow connection records, system logs, and network data dumps; by identifying the states of the attack and their corresponding features, we build the detection model using the Hidden Markov Chain. With this model, we can find a potential Scout and Intruder attack in its initial state, which gives the network/system administrator more response time to stop the attack.
Advisory Committee
  • D. J. Guan - chair
  • Sheng-Tzong Cheng - co-chair
  • Chia-Mei Chen - advisor
Files
  • etd-0906112-214543.pdf
Access indicated: in-campus at 5 years, off-campus at 5 years.
Date of Submission 2012-09-06
