Title
On Using Graph Structures in Network Communications for Peer-To-Peer Botnet Detection

Author
Joshi, Harshvardhan P.

Subject
Computer engineering,Computer science,Information technology

Classification

Library
Center and Library of Islamic Studies in European Languages

Location
Province: Qom, City: Qom

Library contact: 32910706-025

National bibliography number

Number
TLpq2499861309

Language of the work

Language of the text, written or spoken, and the like
English

Title and name of creator

Title proper
On Using Graph Structures in Network Communications for Peer-To-Peer Botnet Detection
General material designation
[Thesis]
Name of first creator
Joshi, Harshvardhan P.
Names of other creators
Stallmann, Matthias

Publication, distribution, etc.

Name of publisher, distributor, etc.
North Carolina State University
Date of publication, distribution, etc.
2020

Physical description

Specific material designation and extent of the work
116

Notes on dissertations

Dissertation details and type of degree
Ph.D.
Degree-granting body
North Carolina State University
Text score
2020

Notes on summary or abstract

Text of note
Botnets are used for malicious purposes, such as spam and denial of service, with huge economic costs to society. Decentralized command & control structures of peer-to-peer (P2P) botnets make them more resilient to disruptions. However, these P2P overlay structures appear in communication graphs that are built from network flow meta-data, and can be detected using community detection techniques from graph theory. This is a promising approach for P2P botnet detection because it can work independent of device hardware and software, and is resilient to obfuscations employed by the botnets. In this thesis we formulate and address several research questions relating to the problem of P2P botnet community detection in network communication graphs, in a real-world context. First, we investigate whether P2P botnet community structures can be detected with only a partial communication graph, since traffic from an entire P2P botnet is unlikely to be available in the real world. We analyze the effectiveness of general-purpose community detection algorithms from graph theory in detecting P2P botnet communities, with various levels of partial information availability. The results show that the approach can work with only about half of the nodes reporting their communication information, with only a small increase in detection errors. Second, we ask how to improve the efficiency of P2P botnet community detection, given that previously proposed community-based botnet detection algorithms are too slow for real-time deployment. We propose GADFly, an algorithm that reduces computation time by using the inherent structure in the communication graph to reduce the problem size, while focusing on suspicious P2P communities of interest to improve the precision. Our experiments show that GADFly is 1.5 to 10 times faster than the popular general-purpose Louvain algorithm, with comparable recall and improved precision.
Third, we ask how to improve the precision of P2P botnet community detection to a level that is practically useful. In our proposed algorithm BotCLAM, we combine insights into the structure of communication graphs and differing definitions of community to improve the precision of P2P botnet community detection. We show that the precision with BotCLAM is 2 to 10 times higher than Louvain and about 50% higher than the GADFly algorithm, with comparable or better recall. Fourth, we investigate whether the P2P botnet community can be identified from the detected communities by simply using the communities' graph structural characteristics. We identify P2P botnet command & control traffic characteristics that influence the communication graph structure, and the metrics to measure these structural properties. We propose a tunable approach

Subject (topical name or common noun phrase)

Uncontrolled subject term
Computer engineering
Uncontrolled subject term
Computer science
Uncontrolled subject term
Information technology

Personal name as main entry - (primary intellectual responsibility)

Unverified personal name authority
Joshi, Harshvardhan P.
Unverified personal name authority
Stallmann, Matthias

Electronic location and access

Electronic name
Read the text of the book

Publication status

Publication format
p

Bibliographic record information

Material type
[Thesis]
Worksheet code
276903

Record access information

Access level
a
Completed
Y
