A master's thesis from Aalborg University

Bot-Malware Data Acquisition System

Author

Term: 4. term

Publication year: 2015

Submitted on

Pages: 66

Abstract

Botnets are one of the biggest threats to Internet security. To counter them, we must first be able to detect them. Today’s detection tools rely on data collection components that often cannot be both scalable and collaborative at the same time. This project highlights four requirements that, when met together, improve data collection: the system must be scalable; collaborative across participants; resistant to evasion techniques (methods attackers use to avoid detection); and independent of the command-and-control (C&C) channel’s topology and protocol, meaning it works regardless of how bots communicate. We design and implement a proof-of-concept data acquisition system that shows these goals are achievable. The system is both scalable and collaborative and is less vulnerable to evasion than existing approaches. We also demonstrate how it can be used within a detection system to deliver promising detection results.

[This abstract was generated with the help of AI]