University of Twente Student Theses

C&C Botnet Detection over SSL

Bortolameotti, Riccardo (2014) C&C Botnet Detection over SSL.

Abstract: Nowadays botnets play an important role in the cyber-crime landscape. These cyber weapons are used to perform malicious activities such as financial fraud, cyber-espionage, etc., using infected computers. This threat can be mitigated by detecting C&C channels on the network. Many solutions have been proposed in the literature. However, botnets are becoming more and more complex, and they are currently trying to move towards encrypted solutions. In this work, we have designed, implemented and validated a method to detect botnet C&C communication channels over SSL, the de facto standard security protocol. We provide a set of SSL features that can be used to detect malicious connections. Using our features, the results indicate that we are able to detect what we believe to be a botnet and malicious connections. Our system can also be considered privacy-preserving and lightweight, because the payload is not analyzed and the portion of analyzed traffic is very small. Our analysis also indicates that 0.6% of the SSL connections were broken. Limitations of the system, its applications and possible future work are also discussed.
Item Type: Essay (Master)
Clients: SecurityMatters, Netherlands
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)
Link to this item: https://purl.utwente.nl/essays/65667