To what extent is detection dependent on the structure of a botnet?
Answers
Answered by
0
Botnets are collections of computers which have come under the control of a
malicious person or organization, and can be ordered to perform various malicious
tasks such as sending spam mail, performing click fraud, farming personal
or other confidential information, or performing distributed denial of service
attacks. They are currently regarded as one of the major threats to the widespread
use of the Internet, and finding ways to counter them is a challenge of great
importance.
The goal of the thesis is to produce a simple prototype which detects botnet
attacks by correlating patterns of anomalous behavior which develop in similar
ways in different parts of a network, such as within a sub-set of the computers
within a given subnet. In order to accomplish this we carried out a study of
the literature on analysis methods of this type and decided to exploit a method
which combines both host-level and network-level information to detect anomalous
behavior. We selected a suitable platform and operating system to perform
the analysis. We were able to obtain some valuable results from the analysis,
but it was not enough to come up with a precise conclusion.
Answered by
2
A botnet comprises a large number of malware-infected client computers that are controlled by a remote server to perform malicious acts. A remote command and control server can control botnet computers to perform these types of attacks: Stealing private data from clients. ...