ABSTRACT
We introduce a novel two-stage approach for the important cyber-security problem of
detecting the presence of a botnet and identifying the compromised nodes (the bots), ideally
before the botnet becomes active. The first stage detects anomalies by leveraging large
deviations of an empirical distribution.
EXISTING SYSTEM
A botnet is a network of compromised computers controlled by a botmaster. Botnets
are typically used for Distributed Denial-of-Service (DDoS) attacks, click fraud, or spamming.
DDoS attacks flood the victim with packets/requests from many bots, effectively consuming
critical resources and denying service to legitimate users. Botnet attacks are widespread. In a
recent survey, 300 out of 1000 surveyed businesses have suffered from DDoS attacks and 65%
of the attacks cause up to $10,000 loss per hour. Both click fraud and spamming are harmful to
the web economy.
DISADVANTAGES
Both click fraud and spamming are harmful to the web economy. Because of these losses,
botnet detection has received considerable attention.
PROPOSED SYSTEM
We propose two approaches to create the empirical distribution: a flow-based approach
estimating the histogram of quantized flows, and a graph-based approach estimating the degree
distribution of node interaction graphs, encompassing both Erdős–Rényi graphs and scale-free
graphs. The second stage detects the bots using ideas from social network community detection
in a graph that captures correlations of interactions among nodes over time. Community
detection is done by maximizing a modularity measure in this graph. The modularity
#13/ 19, 1st Floor, Municipal Colony, Kangayanellore Road, Gandhi Nagar, Vellore 6.
Off: 0416-2247353 / 6066663 Mo: +91 9500218218
Website: www.shakastech.com, Email - id: shakastech@gmail.com, info@shakastech.com
ADVANTAGES
The first stage detects network anomalies that are associated with the presence of a botnet,
while the second stage identifies the bots by analyzing these anomalies.
Botmasters or attack targets are easier to detect because they communicate with many
other nodes, and the activities of infected machines are more correlated with each other
than those of normal machines.
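The first-stage, flow-based test described under PROPOSED SYSTEM can be sketched as follows. This is an added example, not code from the original project: the quantizer, the smoothing constant, the threshold and the sample flows are all assumptions, and the score used is the Kullback-Leibler divergence between a window's histogram and a reference histogram, which is the large-deviations rate given by Sanov's theorem.

```python
from collections import Counter
from math import log

# Assumed quantizer (the page does not specify one): coarse log-scale byte
# bucket plus whether the destination port is a well-known port (< 1024).
def quantize(flow):
    size_bin = min((max(flow["bytes"], 1).bit_length() - 1) // 4, 4)
    return (size_bin, flow["dport"] < 1024)

SUPPORT = [(b, w) for b in range(5) for w in (True, False)]

def empirical_dist(flows, alpha=0.0):
    """Histogram of quantized flows over SUPPORT, with additive smoothing."""
    if not flows:
        raise ValueError("empty flow window")
    counts = Counter(quantize(f) for f in flows)
    total = len(flows) + alpha * len(SUPPORT)
    return {s: (counts[s] + alpha) / total for s in SUPPORT}

def kl_divergence(p, q):
    """D(p || q) in nats: the large-deviations rate (Sanov's theorem)."""
    return sum(p[s] * log(p[s] / q[s]) for s in SUPPORT if p[s] > 0)

def window_score(window, reference):
    # Smooth only the reference so every symbol has nonzero probability.
    return kl_divergence(empirical_dist(window), empirical_dist(reference, 0.5))

def is_anomalous(window, reference, threshold=0.5):
    # Assumed decision rule: flag the window when its divergence exceeds threshold.
    return window_score(window, reference) > threshold

def flows(n, nbytes, dport):
    return [{"bytes": nbytes, "dport": dport} for _ in range(n)]

# Constructed sample data, not from the page.
REFERENCE = flows(60, 1500, 443) + flows(30, 40000, 80) + flows(10, 300, 53000)
BENIGN = flows(12, 1500, 443) + flows(6, 40000, 80) + flows(2, 300, 53000)
SUSPECT = flows(4, 1500, 443) + flows(16, 120, 50123)  # many small flows, one high port

if __name__ == "__main__":
    for name, w in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, round(window_score(w, REFERENCE), 3), is_anomalous(w, REFERENCE))
```

In practice the threshold would be calibrated on anomaly-free traffic to hit a target false-alarm rate, and windows flagged here would be passed to the second stage.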
MODULES
Anomaly detection
Botnet discovery
Experimental results
SYSTEM CONFIGURATION
HARDWARE CONFIGURATION
Processor
Speed: 1.1 GHz
RAM: 1 GB
Hard Disk: 80 GB
Key Board
Mouse
Monitor: SVGA
SOFTWARE CONFIGURATION
Operating System: Windows Family
Programming Language: JAVA
Java Version