A test bed for detection of botnet infections in low data rate tactical networks

Authors
Becker, Russell W.
Advisors
Tummala, Murali
McEachen, John
Date of Issue
2009-09
Publisher
Monterey, California: Naval Postgraduate School
Abstract
The propagation of bots into a botnet, and the various malicious activities that could be carried out from within a tactical network, pose a significant threat to network security and tactical operations. This thesis presents a network architecture for near real-time detection of malicious activity and its propagation within a data-rate-limited (bandwidth-limited) environment with periodic losses of connectivity, without adding significant burden to the network. A test bed is constructed that makes use of BotHunter, an intrusion-detection-system-driven correlation tool focused on both outbound and inbound connections rather than solely on inbound connections, and a honeynet located in a high data rate area of a tactical network. The ability of the proposed architecture to identify malicious activities is validated when both BotHunter and the honeynet successfully detect a bot infection.
Type
Thesis
Organization
Naval Postgraduate School (U.S.)
Format
xvi, 61 p. : ill. ;
Distribution Statement
Approved for public release; distribution is unlimited.