Master's thesis, National Cheng Kung University, Institute of Computer and Communication Engineering, academic year 102 (ROC calendar).

Summary: In recent years, botnets have been widely adopted by attackers as a tool for cybercrime. P2P botnets in particular, with their decentralized communication structure, are more difficult to detect and trace. The detection methods proposed in previous work require either signatures of known botnets or statistical training data to define a specific threshold for identifying anomalous network traffic. These approaches are not generic solutions: whenever a botnet's behavior changes or a new variant appears, a new detection method has to be designed. A generic detection method is therefore essential.

Since the bots of one botnet are infected by the same binary, their communication traffic is very similar, and even when the botnet updates or mutates, its bots still share a high degree of similarity. We propose a multi-dimensional similarity measure based on three major characteristics of this traffic; it identifies anomalous traffic with high mutual similarity and can thereby detect unknown P2P botnets.