A master's thesis from Aalborg University

Botnet detection using Hidden Markov Models

[Botnet detektion ved brug af Skjulte Markov Modeller]

Term: 4. term
Publication year: 2014
Submitted on: 2014-06-02
Pages: 96 pages

Abstract

Based on a study of the botnet problem and related work solving it, a novel method to solve the problem is proposed. The method encompasses a life-cycle model for a host machine becoming infected with bot malware and being part of a botnet. It is argued that Intrusion Detection Systems can be used to obtain alerts conveying information about the unknown life-cycle state of hosts. The life-cycle model with unobservable states and the alerts related to states fits perfectly with a Hidden Markov Model. It is shown that the life-cycle, the alerts and the Hidden Markov Model can be combined to estimate the life-cycle state of hosts, only relying on data observable in the network. The result is a true positive rate of 100.000%, a false positive rate of 1.068%, yielding an accuracy of 98.947%, on the detection of hosts with a bot malware infection.
