Bot-Malware Data Acquisition System

Student thesis: Master thesis (including HD thesis)

  • Thomas Jacobsen
4. term, Networks and Distributed Systems, Master (Master Programme)
Botnets are one of the most serious threats to Internet security today. The prerequisite for defeating botnets is being able to detect them. Present detection systems use data acquisition systems that are often limited by not being both scalable and cooperative. This project identifies four main criteria and functionalities which, if simultaneously fulfilled, will improve present data acquisition systems: the system should be scalable, collaborative, not vulnerable to evasion techniques, and independent of the C&C channel topology and protocol. A proof-of-concept system is designed and implemented to prove that a data acquisition system can be built that improves on present data acquisition systems. The resulting system is better than present data acquisition systems by being both scalable and collaborative as well as less vulnerable to evasion. Further, it is demonstrated how this data acquisition system can be used as part of a detection system to give good detection results.
Publication date: 3 Jun 2015
Number of pages: 66
ID: 213467360