BOTMINER: CLUSTERING ANALYSIS OF NETWORK TRAFFIC FOR PROTOCOL- AND STRUCTURE-INDEPENDENT BOTNET DETECTION
INTRODUCTION:

Botnets are becoming one of the most serious threats to Internet security. A botnet is a network of compromised machines under the influence of malware (bot) code. The botnet is commandeered by a “botmaster” and utilized as a “resource” or “platform” for attacks such as distributed denial-of-service (DDoS) attacks, and fraudulent activities such as spam, phishing, identity theft, and information exfiltration.

In order for a botmaster to command a botnet, there needs to be a command and control (C&C) channel through which bots receive commands and coordinate attacks and fraudulent activities. The C&C channel is the means by which individual bots form a botnet. Centralized C&C structures using the Internet Relay Chat (IRC) protocol have been utilized by botmasters for a long time.

Therefore, we need to develop a next-generation botnet detection system, which should be independent of the C&C protocol, structure, and infection model of botnets, and be resilient to changes of C&C server addresses. In addition, it should require no a priori knowledge of specific botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses).

In order to design such a general detection system that can resist evolution and changes in botnet C&C techniques, we need to study the intrinsic botnet communication and activity characteristics that remain detectable with the proper detection features. We thus start with the definition and essential properties of a botnet. We define a botnet as:

“A coordinated group of malware instances that are controlled via C&C channels”.

If the botmaster commands each bot individually with a different command/channel, the bots are nothing but some isolated/unrelated infections. That is, they do not function as a botnet according to our definition and are out of the scope of this work.
ABOUT THE PROJECT:

We propose a general detection framework that is based on these essential properties of botnets. This framework monitors both who is talking to whom, which may suggest C&C communication activities, and who is doing what, which may suggest malicious activities, and finds a coordinated group pattern in both kinds of activities.

More specifically, our detection framework clusters similar communication activities in the C-plane (C&C communication traffic), clusters similar malicious activities in the A-plane (activity traffic), and performs cross-cluster correlation to identify the hosts that share both similar communication patterns and similar malicious activity patterns.

These hosts, according to the botnet definition and properties discussed above, are bots in the monitored network.
OBJECTIVE:

The objective of BotMiner is to detect groups of compromised machines within a monitored network that are part of a botnet.

We do so by passively analyzing network traffic in the monitored network.

DETECTION APPROACH MEETS SEVERAL GOALS:

* It is independent of the protocol and structure used for communicating with the botmaster, and is resistant to changes in the location of the C&C server(s).

* It is independent of the content of the C&C communication. That is, we do not inspect the content of the C&C communication itself, because C&C could be encrypted or use a customized (obscure) protocol.

* It generates a low number of false positives and false negatives.

* The analysis of network traffic employs a reasonable amount of resources and time, making detection relatively efficient.
EXISTING SYSTEM:

Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing.

Most of the current botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g., IRC) and structures (e.g., centralized), and can become ineffective as botnets change their C&C techniques.
PROPOSED SYSTEM:

In this project, we present a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses). We start from the definition and essential properties of botnets. We define a botnet as a coordinated group of malware instances that are controlled via C&C communication channels.

We propose a general detection framework that is based on these essential properties of botnets.

This framework monitors both who is talking to whom, which may suggest C&C communication activities, and who is doing what, which may suggest malicious activities, and finds a coordinated group pattern in both kinds of activities. More specifically, our detection framework clusters similar communication activities in the C-plane (C&C communication traffic), clusters similar malicious activities in the A-plane (activity traffic), and performs cross-cluster correlation to identify the hosts that share both similar communication patterns and similar malicious activity patterns.

These hosts, according to the botnet definition and properties discussed above, are bots in the monitored network.

The objective of BotMiner is to detect groups of compromised machines within a monitored network that are part of a botnet. We do so by passively analyzing network traffic in the monitored network.
MODULES:

* Loading Screen

* Login Screen

* A-Plane Monitor

* C-Plane Monitor

* A-Plane Clustering

* C-Plane Clustering
MODULE DESCRIPTION

LOADING SCREEN:

* This module displays the title of the project and is shown for a fixed time while the application loads.

LOGIN SCREEN:

* This module is used to enter the username and password. It has fields for the Username and the Password.

* We have to enter the username and password.

* Then select the login button. If the credentials are correct, the application goes to the next screen.

* Otherwise it shows a message asking the user to enter the correct username and password.
A-PLANE MONITOR:

The A-Plane Monitor logs information on who is doing what. It analyzes the outbound traffic through the monitored network and is capable of detecting several malicious activities that the internal hosts may perform.

The malicious activities monitored are:

* Spam

* Task Report

* SPAM:

* If anyone sends messages in bulk, they are stored in a Spam folder; such messages are also referred to as unwanted messages.

* To stop that kind of activity we split the message into packets.

* It checks the header, body and content.

* TASK REPORT:

* It generates a report of the task list performed by other nodes on the network.


C-PLANE MONITOR:

* It retrieves the type of message transferred and identifies the protocol used for communication.


A-PLANE CLUSTERING:

* For spam activity clustering, because there are very few hosts that show spamming activities in our monitored network, we simply cluster hosts together if they perform spamming.
C-PLANE CLUSTERING:

C-plane clustering is responsible for reading the logs generated by the C-plane monitor and finding clusters of machines that share similar communication patterns.
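The pipeline described under PROPOSED SYSTEM and in the A-Plane and C-Plane Clustering modules (per-plane clustering followed by cross-cluster correlation), as an added Python example that is not part of the original project or the BotMiner paper. The C-flow feature set, the greedy threshold clustering and the flow and activity records are assumptions constructed for the demonstration.

```python
"""Simplified BotMiner-style pipeline: C-plane clustering, A-plane clustering and
cross-cluster correlation. Added example, not the project's or the paper's code.
The flow and activity records below are constructed for the demonstration."""
from collections import defaultdict
from math import sqrt

# Constructed C-plane flow log: (src_host, dst_ip, dst_port, bytes_sent, bytes_recv).
# h1, h2, h3 and h5 all beacon to the same C&C server with identical small flows;
# h4 only talks to a web server with large, infrequent flows.
FLOWS = []
for host in ("h1", "h2", "h3", "h5"):
    FLOWS += [(host, "203.0.113.5", 6667, 64, 128)] * 12
FLOWS += [("h4", "198.51.100.9", 443, 900, 5000),
          ("h4", "198.51.100.9", 443, 1200, 7000)]

# Constructed A-plane activity log: (host, activity_type) as logged by the A-plane monitor.
# h5 shares the C&C pattern but shows no malicious activity; h4 spams but is not coordinated.
ACTIVITIES = [("h1", "spam"), ("h2", "spam"), ("h3", "spam"), ("h4", "spam")]


def build_cflows(flows):
    """Aggregate raw flows into C-flows keyed by (src, dst_ip, dst_port) and
    describe each one by (flow count, mean bytes sent, mean bytes received)."""
    groups = defaultdict(list)
    for src, dst, port, sent, recv in flows:
        groups[(src, dst, port)].append((sent, recv))
    cflows = {}
    for key, recs in groups.items():
        n = len(recs)
        cflows[key] = (float(n),
                       sum(r[0] for r in recs) / n,
                       sum(r[1] for r in recs) / n)
    return cflows


def _normalise(vectors):
    """Scale every feature into [0, 1] by its maximum so no single feature dominates."""
    dims = len(next(iter(vectors.values())))
    maxes = [max(v[d] for v in vectors.values()) or 1.0 for d in range(dims)]
    return {k: tuple(v[d] / maxes[d] for d in range(dims)) for k, v in vectors.items()}


def _dist(a, b):
    """Euclidean distance between two normalised feature vectors."""
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def cluster_cplane(cflows, threshold=0.1):
    """Greedy single-linkage clustering of C-flow feature vectors: a C-flow joins the
    first cluster holding a vector within `threshold`, otherwise it starts a new one.
    Returns one set of source hosts per cluster (hosts with similar communication)."""
    norm = _normalise(cflows)
    clusters = []
    for key, vec in norm.items():
        for members in clusters:
            if any(_dist(vec, norm[m]) <= threshold for m in members):
                members.append(key)
                break
        else:
            clusters.append([key])
    return [{key[0] for key in members} for members in clusters]


def cluster_aplane(activities):
    """A-plane clustering as described in the module text: hosts that perform the
    same kind of activity (e.g. spamming) are simply clustered together."""
    by_type = defaultdict(set)
    for host, kind in activities:
        by_type[kind].add(host)
    return list(by_type.values())


def correlate(c_clusters, a_clusters):
    """Cross-cluster correlation: a host is reported as a bot only if at least one
    other host shares both a C-plane cluster and an A-plane cluster with it."""
    bots = set()
    for a_hosts in a_clusters:
        for c_hosts in c_clusters:
            shared = a_hosts & c_hosts
            if len(shared) > 1:
                bots |= shared
    return sorted(bots)


def detect_bots(flows, activities):
    """Full pipeline: monitor logs -> per-plane clusters -> correlated bot list."""
    return correlate(cluster_cplane(build_cflows(flows)), cluster_aplane(activities))


if __name__ == "__main__":
    print("C-plane clusters:", cluster_cplane(build_cflows(FLOWS)))
    print("A-plane clusters:", cluster_aplane(ACTIVITIES))
    print("Detected bots:", detect_bots(FLOWS, ACTIVITIES))  # ['h1', 'h2', 'h3']
```

Host h5 is not reported although it shares the C&C communication pattern, and h4 is not reported although it spams: only hosts that are coordinated in both planes satisfy the botnet definition used by the project.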
ARCHITECTURE OF BOT-MINER:

[Architecture diagram. Network Traffic feeds two monitors: the A-Plane Monitor (Spam, Task Report), which writes an Activity Log consumed by A-Plane Clustering, and the C-Plane Monitor, which writes a Flow Log consumed by C-Plane Clustering. The outputs of the two clustering stages are combined into the final Report.]
ACTIVITY DIAGRAM:

[Activity diagram: Traffic -> Monitoring -> Sending the Spam -> Receiving By Botnet -> Attack the near node -> Detect the content -> three outcomes: Correct, then save it in Inbox; Incorrect, then save it in Spam; report Who is Bot Master and Who is Bot Net.]
USE CASE DIAGRAM:

[Use case diagram: Sending the Content; Receiving the content; Traffic; Forwarding to the next node which is going to be attacked by the bot net; Checking the content; If the content is good then it will be saved in Inbox; if the content is not good then it will be saved in Spam; It will display who is bot master and which is bot net.]
SCREEN SHOTS
SYSTEM REQUIREMENTS:

Software:

•   Client               : Windows Client
•   Software             : JAVA

Hardware:

•   Memory               : 128MB RAM or above
•   Secondary Storage    : 40 GB HDD or above
•   Floppy Disk          : .44 MB or above
•   Display unit         : Color Monitor and other suitable accessories
•   Processor            : PIII or above
SOFTWARE FEATURES:

Simple:

Java was designed to be easy for the professional programmer to learn and use effectively. Java has another attribute that makes it easy to learn: it makes an effort not to have surprising features.

Object-Oriented:

Although influenced by its predecessors, Java was not designed to be source-code compatible with any other language. This allowed the Java team the freedom to design with a blank slate.

Robust:

The multiplatform environment of the Web places extraordinary demands on a program, because the program must execute reliably in a variety of systems. Thus the ability to create robust programs was given a high priority in the design of Java.

Multithreaded:

Java was designed to meet the real-world requirement of creating interactive, networked programs. To accomplish this, Java supports multithreaded programming, which allows you to write programs that do many things simultaneously.

Architecture-Neutral:

A central issue for the designers was that of code longevity and portability. One of the main problems facing programmers is that no guarantee exists that if you write a program today, it will run tomorrow, even on the same machine.

Interpreted and High Performance:

Java enables the creation of cross-platform programs by compiling into an intermediate representation called Java bytecode. This code can be interpreted on any system that provides a Java Virtual Machine.

Distributed:

Java is designed for the distributed environment of the Internet, because it handles TCP/IP protocols. In fact, accessing a resource using a URL is not much different from accessing a file. The original version of Java (Oak) included features for intra-address-space messaging, for example RMI.

Dynamic:

Java programs carry with them substantial amounts of run-time type information that is used to verify and resolve accesses to objects at run time. This makes it possible to dynamically link code in a safe and expedient manner.
FUTURE SCOPE:

In future, botnets (especially P2P botnets) may utilize evasion techniques to avoid detection, as discussed in Section 4. In our future work, we will study new techniques to monitor/cluster communication and activity patterns of botnets, and these techniques are intended to be more robust to evasion attempts.

In addition, we plan to further improve the efficiency of the C-flow converting and clustering algorithms, combine different correlation techniques (e.g., vertical correlation and horizontal correlation), and develop new real-time detection systems based on a layered design using sampling techniques to work in very high speed and very large network environments.
THANK YOU

Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection

  • 1. BOTMINER: CLUSTERING ANALYSIS OF NETWORK TRAFFIC FOR PROTOCOL- AND STRUCTURE-INDEPENDENT BOTNET DETECTION
  • 2. INTRODUCTION: Botnets are becoming one of the most serious threats to Internet security. A botnet is a network of compromised machines under the influence of malware (bot) code. The botnet is commandeered by a “botmaster” and utilized as a “resource” or “platform” for attacks such as distributed denial-of-service (DDoS) attacks, and for fraudulent activities such as spam, phishing, identity theft, and information exfiltration. In order for a botmaster to command a botnet, there needs to be a command and control (C&C) channel through which bots receive commands and coordinate attacks and fraudulent activities. The C&C channel is the means by which individual bots form a botnet.
  • 3. Centralized C&C structures using the Internet Relay Chat (IRC) protocol have been utilized by botmasters for a long time, and detection approaches tied to that protocol and structure become ineffective once botmasters change their C&C techniques. Therefore, we need to develop a next-generation botnet detection system, which should be independent of the C&C protocol, structure, and infection model of botnets, and be resilient to the change of C&C server addresses. In addition, it should require no a priori knowledge of specific botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses). In order to design such a general detection system that can resist evolution and changes in botnet C&C techniques, we need to study the intrinsic botnet communication and activity characteristics that remain detectable with the proper detection features.
  • 4. We thus start with the definition and essential properties of a botnet. We define a botnet as: “A coordinated group of malware instances that are controlled via C&C channels”. If the botmaster commands each bot individually with a different command/channel, the bots are nothing but some isolated/unrelated infections. That is, they do not function as a botnet according to our definition and are out of the scope of this work.
  • 5. ABOUT THE PROJECT: We propose a general detection framework that is based on these essential properties of botnets. This framework monitors both “who is talking to whom”, which may suggest C&C communication activities, and “who is doing what”, which may suggest malicious activities, and finds a coordinated group pattern in both kinds of activities. More specifically, our detection framework clusters similar communication activities in the C-plane (C&C communication traffic), clusters similar malicious activities in the A-plane (activity traffic), and performs cross-cluster correlation to identify the hosts that share both similar communication patterns and similar malicious activity patterns. These hosts, according to the botnet definition and properties discussed above, are bots in the monitored network.
  • 6. OBJECTIVE: The objective of BotMiner is to detect groups of compromised machines within a monitored network that are part of a botnet. We do so by passively analyzing network traffic in the monitored network.
    THE DETECTION APPROACH MEETS SEVERAL GOALS:
    * It is independent of the protocol and structure used for communicating with the botmaster, and is resistant to changes in the location of the C&C server(s).
    * It is independent of the content of the C&C communication. That is, we do not inspect the content of the C&C communication itself, because C&C could be encrypted or use a customized (obscure) protocol.
    * It generates a low number of false positives and false negatives.
    * The analysis of network traffic employs a reasonable amount of resources and time, making detection relatively efficient.
  • 7. EXISTING SYSTEM: Botnets are now the key platform for many Internet attacks, such as spam, distributed denial-of-service (DDoS), identity theft, and phishing. Most of the current botnet detection approaches work only on specific botnet command and control (C&C) protocols (e.g., IRC) and structures (e.g., centralized), and can become ineffective as botnets change their C&C techniques.
  • 8. PROPOSED SYSTEM: In this project, we present a general detection framework that is independent of botnet C&C protocol and structure, and requires no a priori knowledge of botnets (such as captured bot binaries and hence the botnet signatures, and C&C server names/addresses). We start from the definition and essential properties of botnets. We define a botnet as a coordinated group of malware instances that are controlled via C&C communication channels. We propose a general detection framework that is based on these essential properties of botnets. This framework monitors both “who is talking to whom”, which may suggest C&C communication activities, and “who is doing what”, which may suggest malicious activities, and finds a coordinated group pattern in both kinds of activities.
  • 9. More specifically, our detection framework clusters similar communication activities in the C-plane (C&C communication traffic), clusters similar malicious activities in the A-plane (activity traffic), and performs cross-cluster correlation to identify the hosts that share both similar communication patterns and similar malicious activity patterns. These hosts, according to the botnet definition and properties discussed above, are bots in the monitored network. The objective of BotMiner is to detect groups of compromised machines within a monitored network that are part of a botnet. We do so by passively analyzing network traffic in the monitored network.
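The cross-cluster correlation step described on slides 5, 8 and 9, as an added example that is not part of the project's own code. The A-plane and C-plane clusters are constructed sample sets; the scoring rule (Jaccard overlap between the clusters a host belongs to, weighted per activity type) and the threshold are assumptions made here, since the slides give no formula.

```python
from itertools import combinations

# Constructed A-plane clusters: (activity type, hosts showing that activity).
# 10.0.0.9 sends spam too, but shares no communication pattern with the others.
A_CLUSTERS = [
    ("spam", {"10.0.0.1", "10.0.0.2", "10.0.0.9"}),
    ("task_report", {"10.0.0.1", "10.0.0.2"}),
]
# Constructed C-plane clusters: hosts with similar communication patterns.
C_CLUSTERS = [
    {"10.0.0.1", "10.0.0.2"},
    {"10.0.0.3"},
    {"10.0.0.4", "10.0.0.9"},
]

def jaccard(x, y):
    """Overlap between two host sets: |x ∩ y| / |x ∪ y|."""
    return len(x & y) / len(x | y)

def botnet_scores(a_clusters, c_clusters, weights=None):
    """Score every host that appears in at least one A-plane cluster.
    Assumed rule: for host h, sum the weighted overlap of each pair of
    A-plane clusters containing h, plus the weighted overlap of each
    (A-plane cluster, C-plane cluster) pair containing h."""
    weights = weights or {}
    scores = {}
    hosts = set().union(*(members for _, members in a_clusters))
    for h in hosts:
        mine_a = [(t, s) for t, s in a_clusters if h in s]
        mine_c = [s for s in c_clusters if h in s]
        score = 0.0
        # Two activity clusters that overlap heavily suggest a coordinated group.
        for (t1, s1), (t2, s2) in combinations(mine_a, 2):
            score += weights.get(t1, 1.0) * weights.get(t2, 1.0) * jaccard(s1, s2)
        # The core signal: the same hosts share an activity AND a C&C-like pattern.
        for t, s in mine_a:
            for c in mine_c:
                score += weights.get(t, 1.0) * jaccard(s, c)
        scores[h] = score
    return scores

def detect_bots(a_clusters, c_clusters, threshold=0.5, weights=None):
    """Hosts whose correlation score exceeds the (assumed) threshold."""
    scores = botnet_scores(a_clusters, c_clusters, weights)
    return sorted(h for h, s in scores.items() if s > threshold)

if __name__ == "__main__":
    print(botnet_scores(A_CLUSTERS, C_CLUSTERS))
    print(detect_bots(A_CLUSTERS, C_CLUSTERS))  # → ['10.0.0.1', '10.0.0.2']
```

Note that 10.0.0.9 is not flagged: spamming alone scores only 0.25 because its communication cluster overlaps the spam cluster in one host, which is exactly the two-plane requirement the slides describe.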
  • 10. MODULES:
    * Loading Screen
    * Login Screen
    * A-Plane Monitor
    * C-Plane Monitor
    * A-Plane Clustering
    * C-Plane Clustering
  • 12. LOADING SCREEN:
    * This module just loads the project for a certain time. It shows the title of the project while it loads.
    LOGIN SCREEN:
    * This module is used to enter the username and password.
    * We have to enter the username and password.
    * Then select the login button. If the credentials are right, it will go to the next screen.
    * Else it will show the message to enter the correct username and password.
  • 13. A-PLANE MONITOR: The A-Plane Monitor logs information on who is doing what. It analyzes the outbound traffic through the monitored network and is capable of detecting several malicious activities that the internal hosts may perform. The malicious activities monitored are:
    * Spam
    * Task Report
    SPAM:
    * If anyone sends a bulk of messages, they are stored in a Spam folder; such messages are also referred to as unwanted messages.
    * To stop that kind of activity we split the message into packets.
  • 14. * It checks the header, body and content.
    TASK REPORT:
    * It generates the report of the task list performed by other nodes on the network.
    C-PLANE MONITOR:
    * It retrieves the type of message transferred and finds the protocol used for communication.
    A-PLANE CLUSTERING:
    * For spam activity clustering, because there are very few hosts that show spamming activities in our monitored network, we simply cluster hosts together if they perform spamming.
  • 15. C-PLANE CLUSTERING: C-plane clustering is responsible for reading the logs generated by the C-plane monitor and finding clusters of machines that share similar communication patterns.
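How the C-plane clustering step on slide 15 can turn the C-plane monitor's flow log into groups of hosts with similar communication patterns, as an added example that is not the project's own code. The flow log is constructed, and the per-C-flow features (flows per hour, packets per flow, bytes per packet) and the distance threshold are assumptions made here, since the slides do not list the feature set.

```python
from collections import defaultdict
from math import sqrt

# Constructed flow log: (src, dst, dport, proto, packets, bytes) per flow.
# Two hosts talk to the same server with near-identical small, regular flows
# (the kind of pattern a C&C channel produces); the other two look ordinary.
FLOW_LOG = [
    ("10.0.0.1", "203.0.113.5", 6667, "tcp", 12, 960),
    ("10.0.0.1", "203.0.113.5", 6667, "tcp", 11, 900),
    ("10.0.0.2", "203.0.113.5", 6667, "tcp", 12, 950),
    ("10.0.0.2", "203.0.113.5", 6667, "tcp", 13, 990),
    ("10.0.0.3", "198.51.100.7", 443, "tcp", 40, 30000),
    ("10.0.0.3", "198.51.100.7", 443, "tcp", 45, 35000),
    ("10.0.0.4", "198.51.100.53", 53, "udp", 2, 150),
]

def cflow_features(flow_log, epoch_hours):
    """Aggregate flows sharing (src, dst, dport, proto) into one C-flow and
    describe it by (flows per hour, packets per flow, bytes per packet)."""
    groups = defaultdict(list)
    for src, dst, dport, proto, pkts, byts in flow_log:
        groups[(src, dst, dport, proto)].append((pkts, byts))
    feats = {}
    for key, flows in groups.items():
        pkts = sum(p for p, _ in flows)
        byts = sum(b for _, b in flows)
        feats[key] = (len(flows) / epoch_hours, pkts / len(flows), byts / pkts)
    return feats

def _dist(u, v):
    return sqrt(sum((a - b) ** 2 for a, b in zip(u, v)))

def cluster_cflows(feats, threshold=0.1):
    """Single-linkage clustering of C-flows on max-normalised features.
    Returns a sorted list of host groups, one per C-flow cluster."""
    maxes = [max(f[i] for f in feats.values()) or 1.0 for i in range(3)]
    vec = {k: tuple(f[i] / maxes[i] for i in range(3)) for k, f in feats.items()}
    clusters = []
    for k in feats:
        # Merge with every existing cluster that has a member within threshold.
        near = [c for c in clusters
                if any(_dist(vec[k], vec[m]) < threshold for m in c)]
        clusters = [c for c in clusters if c not in near]
        clusters.append([k] + [m for c in near for m in c])
    return sorted(sorted({k[0] for k in c}) for c in clusters)

if __name__ == "__main__":
    groups = cluster_cflows(cflow_features(FLOW_LOG, epoch_hours=2))
    print(groups)  # → [['10.0.0.1', '10.0.0.2'], ['10.0.0.3'], ['10.0.0.4']]
```

Only clusters holding two or more hosts are interesting for the later cross-cluster correlation; the singletons here are benign hosts with their own patterns.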
  • 16. ARCHITECTURE OF BOT-MINER (components recovered from the diagram): Network Traffic feeds an A-Plane Monitor (Spam, Task Report) that writes an Activity Log read by A-Plane Clustering, and a C-Plane Monitor that writes a Flow Log read by C-Plane Clustering; the clustering results are combined into a Report.
  • 17. ACTIVITY DIAGRAM (flow recovered from the diagram): Traffic Monitoring → Sending the Spam → Receiving by Botnet → Attack the near node → Detect the content → if correct, save it in Inbox; if incorrect, save it in Spam → show who is the Bot Master and who is the Bot Net.
  • 18. USE CASE DIAGRAM (use cases recovered from the diagram): Sending the content; Receiving the content; Traffic forwarding to the next node which is going to be attacked by the botnet; Checking the content; If the content is good then it will be saved in Inbox, otherwise it will be saved in Spam; It will display who is the bot master and which is the bot net.
  • 33. SYSTEM REQUIREMENTS:
    Software:
    • Client : Windows Client
    • Software : JAVA
    Hardware:
    • Memory : 128MB RAM or above
    • Secondary Storage : 40 GB HDD or above
    • FLOPPY DISK : .44 MB or above
    • Display unit : Color Monitor and other suitable accessories
    • Processor : PIII or above
  • 34. SOFTWARE FEATURES: Simple: Java was designed to be easy for the professional programmer to learn and use effectively. Java has another attribute that makes it easy to learn: it makes an effort not to have surprising features. Object-Oriented: Although influenced by its predecessors, Java was not designed to be source-code compatible with any other language. This allowed the Java team the freedom to design with a blank slate. Robust: The multi-platform environment of the Web places extraordinary demands on a program, because the program must execute reliably in a variety of systems. Thus the ability to create robust programs was given a high priority in the design of Java.
  • 35. Multithreaded: Java was designed to meet the real-world requirement of creating interactive, networked programs. To accomplish this, Java supports multithreaded programming, which allows you to write programs that do many things simultaneously. Architecture-Neutral: A central issue for the designers was that of code longevity and portability. One of the main problems facing programmers is that no guarantee exists that if you write a program today, it will run tomorrow, even on the same machine. Interpreted and High Performance: Java enables the creation of cross-platform programs by compiling into an intermediate representation called Java bytecode. This code can be interpreted on any system that provides a Java Virtual Machine.
  • 36. Distributed: Java is designed for the distributed environment of the Internet, because it handles TCP/IP protocols. In fact, accessing a resource using a URL is not much different from accessing a file. The original version of Java (Oak) included features for intra-address-space messaging; for example, RMI. Dynamic: Java programs carry with them substantial amounts of run-time type information that is used to verify and resolve accesses to objects at run time. This makes it possible to dynamically link code in a safe and expedient manner.
  • 37. FUTURE SCOPE: In the future, botnets (especially P2P botnets) may utilize evasion techniques to avoid detection, as discussed in Section 4. In our future work, we will study new techniques to monitor/cluster communication and activity patterns of botnets, and these techniques are intended to be more robust to evasion attempts. In addition, we plan to further improve the efficiency of the C-flow converting and clustering algorithms, combine different correlation techniques (e.g., vertical correlation and horizontal correlation), and develop new real-time detection systems based on a layered design using sampling techniques to work in very high speed and very large network environments.
  • 38. BIBLIOGRAPHY:
    1) N. Ianelli and A. Hackworth. Botnets as a vehicle for online crime. http://www.cert.org/archive/pdf/Botnets.pdf, 2005.
    2) A. Karasaridis, B. Rexroad, and D. Hoeflin. Wide-scale botnet detection and characterization. In Proceedings of USENIX HotBots’07, 2007.
    3) A. Ramachandran and N. Feamster. Understanding the network-level behavior of spammers. In Proceedings of ACM SIGCOMM’06, 2006.
    4) E. Cooke, F. Jahanian, and D. McPherson. The zombie roundup: Understanding, detecting, and disrupting botnets. In Proceedings of USENIX SRUTI’05, 2005.