1,198 research outputs found

    ANALYSIS OF BOTNET CLASSIFICATION AND DETECTION BASED ON C&C CHANNEL

    Botnet is a serious threat to cyber-security. Botnet is a robot that can enter the computer and perform DDoS attacks through attacker’s command. Botnets are designed to extract confidential information from network channels such as LAN, Peer or Internet. They perform on hacker's intention through Command & Control (C&C) where attacker can control the whole network and can clinch illegal activities such as identity theft, unauthorized logins and money transactions. Thus, for security reasons, it is very important to understand botnet behavior and go through its countermeasures. This thesis draws together the main ideas of network anomaly, botnet behavior, taxonomy of botnet, famous botnet attacks and detection processes. Based on network protocols, botnets are mainly 3 types: IRC, HTTP, and P2P botnet. All 3 botnets' behavior, vulnerability, and detection processes with examples are explained individually in upcoming chapters. Meanwhile saying shortly, IRC Botnet refers to early botnets targeting chat and messaging applications, HTTP Botnet targets internet browsing/domains and P2P Botnet targets peer network i.e. decentralized servers. Each Botnet's design, target, infecting and spreading mechanism can be different from each other. For instance, IRC Botnet is targeted for small environment attacks where HTTP and P2P are for huge network traffic. Furthermore, detection techniques and algorithms filtration processes are also different among each of them. Based on these individual botnets' behavior, many research papers have analyzed numerous botnet detection techniques such as graph-based structure, clustering algorithm and so on. Thus, this thesis also analyzes popular detection mechanisms, C&C channels, Botnet working patterns, recorded datasets, results and false positive rates of bots prominently found in IRC, HTTP and P2P.
Research area covers C&C channels, botnet behavior, domain browsing, IRC, algorithms, intrusion and detection, network and peer, security and test results. Research articles are conducted from scientific books through online source and University of Turku library.

    Cyber Warfare and the Crime of Aggression: The Need for Individual Accountability on Tomorrow’s Battlefield

    As cyberspace matures, the international system faces a new challenge in confronting the use of force. Non-State actors continue to grow in importance, gaining the skill and the expertise necessary to wage asymmetric warfare using non-traditional weaponry that can create devastating real-world consequences. The international legal system must adapt to this battleground and provide workable mechanisms to hold aggressive actors accountable for their actions. The International Criminal Court--the only criminal tribunal in the world with global reach--holds significant promise in addressing this threat. The Assembly of State Parties should construct the definition of aggression to include these emerging challenges. By structuring the definition to confront the challenges of cyberspace--specifically non-State actors, the disaggregation of warfare, and new conceptions of territoriality--the International Criminal Court can become a viable framework of accountability for the wars of the twenty-first century.

    Distributed Denial of Service Attacks on Cloud Computing Environment

    This paper aimed to identify the various kinds of distributed denial of service (DDoS) attacks, their destructive capabilities, and most of all, how best these issues could be counterattacked and resolved for the benefit of all stakeholders along the cloud continuum, preferably as permanent solutions. A compilation of the various types of DDoS is done, their strike capabilities and most of all, how best cloud computing environment issues could be addressed and resolved for the benefit of all stakeholders along the cloud continuum. The key challenges against effective DDoS defense mechanism are also explored.

    Unleashing the Power of Multi-Agent Deep Learning: Cyber-Attack Detection in IoT

    Detecting botnet and malware cyber-attacks is a critical task in ensuring the security of computer networks. Traditional methods for identifying such attacks often involve static rules and signatures, which can be easily evaded by attackers. DL, a subdivision of ML, has shown promise in enhancing the accuracy of detecting botnets and malware by analyzing large amounts of network traffic data and identifying patterns that are difficult to detect with traditional methods. In order to identify abnormal traffic patterns that can be a sign of botnet or malware activity, deep learning models can be taught to learn the intricate interactions and correlations between various network traffic parameters, such as packet size, time intervals, and protocol headers. The models can also be trained to detect anomalies in network traffic, which could indicate the presence of unknown malware. The threat of malware and botnet assaults has increased in frequency with the growth of the IoT. In this research, we offer a unique LSTM and GAN-based method for identifying such attacks. We utilise our model to categorise incoming traffic as either benign or malicious using a dataset of network traffic data from various IoT devices. Our findings show how well our method works by attaining high accuracy in identifying botnet and malware cyberattacks in IoT networks. This study makes a contribution to the creation of stronger and more effective security systems for shielding IoT devices from online dangers. One of the major advantages of using deep learning for botnet and malware detection is its ability to adapt to new and previously unknown attack patterns, making it a useful tool in the fight against constantly evolving cyber threats. However, DL models require a large quantity of labeled data for training, and their performance can be affected by the quality and quantity of the data used.
Deep learning holds great potential for improving the accuracy and effectiveness of botnet and malware detection, and its continued development and application could lead to significant advancements in the field of cybersecurity.

    Botnet Detection Using Graph Based Feature Clustering

    Detecting botnets in a network is crucial because bot-activities impact numerous areas such as security, finance, health care, and law enforcement. Most existing rule and flow-based detection methods may not be capable of detecting bot-activities in an efficient manner. Hence, designing a robust botnet-detection method is of high significance. In this study, we propose a botnet-detection methodology based on graph-based features. Self-Organizing Map is applied to establish the clusters of nodes in the network based on these features. Our method is capable of isolating bots in small clusters while containing most normal nodes in the big clusters. A filtering procedure is also developed to further enhance the algorithm efficiency by removing inactive nodes from bot detection. The methodology is verified using real-world CTU-13 and ISCX botnet datasets and benchmarked against classification-based detection methods. The results show that our proposed method can efficiently detect the bots despite their varying behaviors.