New P2P Botnets Classification And Detection Framework

Abdullah, Raihana Syahirah (2016) New P2P Botnets Classification And Detection Framework. Doctoral thesis, Universiti Teknikal Malaysia Melaka.

Text (24 Pages): New P2P Botnets Classification And Detection Framework 24 Pages.pdf - Submitted Version (317kB)
Text (Full Text): New P2P Botnets Classification And Detection Framework.pdf - Submitted Version, restricted to registered users only (6MB)

Abstract

Botnets are a tool for high-profile cyber-attacks. A botnet is a collection of compromised computers infected with advanced malware that allows an attacker to control them remotely. Some botnets use Peer-to-Peer (P2P) protocols and P2P technology to control computers and exploit users; these are known as P2P botnets. The unification of botnets with P2P technology makes them more powerful and more robust against detection. The latest P2P botnets have caused crisis and chaos in network security. To deal with this issue, a framework is needed to illustrate and explain the modules, terminologies and procedures that are important parts of implementing detection. However, the current P2P botnet detection frameworks are still not comprehensive enough to recognize the emergence of the latest P2P botnets, which cause financial loss and data damage to organisational networks. Previous frameworks are incomplete and contain many limitations that require improvement. A lower detection rate and higher false alarms increase the failure of botnet detection; hence, a higher false alarm rate significantly reduces the effectiveness of detection. Given the difficulties in identifying P2P botnet activities, the main objective of this research is to enhance the P2P botnet detection framework using an integrated approach. A complete analysis flow is performed to detect and classify P2P botnets by adopting an integrated analyser and integrated analysis. Besides developing a new framework, the research analysis classifies the behaviour of P2P botnets in order to differentiate between normal P2P traffic and P2P botnets. Through this classification, the research introduces a generic P2P attack pattern and a P2P behavioural model. Both the generic P2P attack pattern and the P2P behavioural model are then applied to develop the integrated approach that is used to validate the new P2P botnet detection framework.
In evaluation and validation, the results showed that the new P2P botnet detection framework effectively achieved high accuracy, high detection rates and a lower false alarm rate. Significantly, the process of finding, identifying, classifying and detecting P2P botnets was carried out in collaboration with Cyber Security Malaysia. Hence, this research introduces an enhanced framework to detect P2P botnet activities, validated by an integrated approach that helps network administrators identify the existence of P2P botnets.

Item Type: Thesis (Doctoral)
Uncontrolled Keywords: Peer-to-peer architecture (Computer networks), Application software, Computer networks
Subjects: T Technology > T Technology (General); T Technology > TK Electrical engineering. Electronics. Nuclear engineering
Divisions: Library > Tesis > FTMK
Depositing User: Nor Aini Md. Jali
Date Deposited: 01 Jun 2017 05:43
Last Modified: 10 Oct 2021 16:38
URI: http://eprints.utem.edu.my/id/eprint/18573