SlideShare a Scribd company logo

Hades_poster_Comad

Pratik Narang
Pratik Narang

Poster of my poster paper at COMAD 2014 conference

Education
1 of 1
Download to read offline
Hades: A Hadoop-based Framework for Detection of Peer-to-Peer Botnets Pratik Narang, Abhishek Thakur, Chittaranjan Hota Birla Institute of Technology & Science – Pilani, Hyderabad Campus Hyderabad, Telangana – 5000 78, India Abstract  This paper presents Hades, a Hadoop-based framework for detection of P2P botnets in an enterprise-level network, which is distributed and scalable by design.  Our work uses the Hadoop-ecosystem to adopt a ‘host- aggregation based’ approach which aggregates behavioral metrics for each P2P host seen in network communications, and uses them to distinguish between benign P2P hosts and hosts infected by P2P botnets.  We propose a distributed data-collection architecture which can monitor inside-to-inside LAN traffic, as opposed to relying solely on the NetFlow information available at a backbone router which cannot see the LAN communications happening in the network. … Data nodes P2P bots detected Name node 2. Parse Packets with Tshark 5. Feature set evaluated against models built with Mahout 4. Host-based features extracted with Hive 3. Push data to HDFS 1. Data collection Trigger Firewall rules Distributed Systems Lab Student Hostels 0 10 20 30 40 50 60 70 80 90 100 True Positive False Positive True Positive False Positive Training Testing Botnet Benign Features extracted per host  Number of distinct destination hosts contacted  The total volume of data sent from the source host  The average of the TTL value of the packets sent from the source host Hive Queries  CREATE EXTERNAL TABLE packet_data ( timestamp DECIMAL, ip_source STRING, ip_dest STRING, ttl INT, proto INT, payload_length INT ) ROW FORMAT DELIMITED FIELDS TERMINATED BY ‘,’ LOCATION ‘/user/hdfs/PacketDump’;  CREATE TABLE host_data ( host STRING, destinations DECIMAL, avg_ttl DECIMAL, volume BIGINT ) ROW FORMAT DELIMITED FIELDS TERMINATED BY ‘,’ LINES TERMINATED BY ‘n’ STORED AS TEXTFILE;  INSERT INTO TABLE host_data SELECT ip_source, COUNT (DISTINCT ip_dest), AVG(ttl), SUM(payload_length) FROM packet_data GROUP BY ip_source; References 1. J. Zhang, R. Perdisci, W. Lee, X. Luo, and U. Sarfraz., Building a scalable system for stealthy p2p-botnet detection. Information Forensics and Security, IEEE Transactions on, 9(1):27-38, 2014. 2. T.-F. Yen and M. K. Reiter. Are your hosts trading or plotting? telling p2p file-sharing and bots apart. In Proceedings of the 2010 30th International Conference on Distributed Computing Systems, ICDCS '10, pages 241- 252. IEEE, 2010. 3. P. Narang, C. Hota, and V.N. Venkatakrishnan. Peershark: flow-clustering and conversation-generation for malicious peer-to-peer traffic identification. EURASIP Journal on Information Security, 2014(1):1-12, 2014. Results with Random Forests over Mahout This research work was supported by grants from Department of Information Technology, Government of India Datasets Data type .pcap format .csv format P2P Botnet 14 GB 6.6 GB P2P Benign 6 GB 3.9 GB

Recommended

Hades
HadesHades
HadesPratik Narang
 
Efficient Similarity Search over Encrypted Data
Efficient Similarity Search over Encrypted DataEfficient Similarity Search over Encrypted Data
Efficient Similarity Search over Encrypted DataIRJET Journal
 
A Survey on Efficient Privacy-Preserving Ranked Keyword Search Method
A Survey on Efficient Privacy-Preserving Ranked Keyword Search MethodA Survey on Efficient Privacy-Preserving Ranked Keyword Search Method
A Survey on Efficient Privacy-Preserving Ranked Keyword Search MethodIRJET Journal
 
Hadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionHadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionMapR Technologies
 
poster draft 5
poster draft 5poster draft 5
poster draft 5Mitchell Baller
 
Privacy Preserving MFI Based Similarity Measure For Hierarchical Document Clu...
Privacy Preserving MFI Based Similarity Measure For Hierarchical Document Clu...Privacy Preserving MFI Based Similarity Measure For Hierarchical Document Clu...
Privacy Preserving MFI Based Similarity Measure For Hierarchical Document Clu...IJORCS
 
Efficient Similarity Search Over Encrypted Data
Efficient Similarity Search Over Encrypted DataEfficient Similarity Search Over Encrypted Data
Efficient Similarity Search Over Encrypted DataIRJET Journal
 
An Evaluation and Overview of Indices Based on Arabic Documents
An Evaluation and Overview of Indices Based on Arabic DocumentsAn Evaluation and Overview of Indices Based on Arabic Documents
An Evaluation and Overview of Indices Based on Arabic DocumentsIJCSEA Journal
 

Recommended

Hades
HadesHades
HadesPratik Narang
 
Efficient Similarity Search over Encrypted Data
Efficient Similarity Search over Encrypted DataEfficient Similarity Search over Encrypted Data
Efficient Similarity Search over Encrypted DataIRJET Journal
 
A Survey on Efficient Privacy-Preserving Ranked Keyword Search Method
A Survey on Efficient Privacy-Preserving Ranked Keyword Search MethodA Survey on Efficient Privacy-Preserving Ranked Keyword Search Method
A Survey on Efficient Privacy-Preserving Ranked Keyword Search MethodIRJET Journal
 
Hadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionHadoop / Spark on Malware Expression
Hadoop / Spark on Malware ExpressionMapR Technologies
 
poster draft 5
poster draft 5poster draft 5
poster draft 5Mitchell Baller
 
Privacy Preserving MFI Based Similarity Measure For Hierarchical Document Clu...
Privacy Preserving MFI Based Similarity Measure For Hierarchical Document Clu...Privacy Preserving MFI Based Similarity Measure For Hierarchical Document Clu...
Privacy Preserving MFI Based Similarity Measure For Hierarchical Document Clu...IJORCS
 
Efficient Similarity Search Over Encrypted Data
Efficient Similarity Search Over Encrypted DataEfficient Similarity Search Over Encrypted Data
Efficient Similarity Search Over Encrypted DataIRJET Journal
 
An Evaluation and Overview of Indices Based on Arabic Documents
An Evaluation and Overview of Indices Based on Arabic DocumentsAn Evaluation and Overview of Indices Based on Arabic Documents
An Evaluation and Overview of Indices Based on Arabic DocumentsIJCSEA Journal
 
An Evaluation and Overview of Indices Based on Arabic Documents
An Evaluation and Overview of Indices Based on Arabic DocumentsAn Evaluation and Overview of Indices Based on Arabic Documents
An Evaluation and Overview of Indices Based on Arabic DocumentsIJCSEA Journal
 
Replay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsReplay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsDETER-Project
 
WoSC19: Serverless Workflows for Indexing Large Scientific Data
WoSC19: Serverless Workflows for Indexing Large Scientific DataWoSC19: Serverless Workflows for Indexing Large Scientific Data
WoSC19: Serverless Workflows for Indexing Large Scientific DataUniversity of Chicago
 
A Modified Technique For Performing Data Encryption & Data Decryption
A Modified Technique For Performing Data Encryption & Data DecryptionA Modified Technique For Performing Data Encryption & Data Decryption
A Modified Technique For Performing Data Encryption & Data DecryptionIJERA Editor
 
Computing Outside The Box June 2009
Computing Outside The Box June 2009Computing Outside The Box June 2009
Computing Outside The Box June 2009Ian Foster
 
Share and analyze geonomic data at scale by Andy Petrella and Xavier Tordoir
Share and analyze geonomic data at scale by Andy Petrella and Xavier TordoirShare and analyze geonomic data at scale by Andy Petrella and Xavier Tordoir
Share and analyze geonomic data at scale by Andy Petrella and Xavier TordoirSpark Summit
 
mcubed london - data science at the edge
mcubed london - data science at the edgemcubed london - data science at the edge
mcubed london - data science at the edgeSimon Elliston Ball
 
Large Scale Processing of Unstructured Text
Large Scale Processing of Unstructured TextLarge Scale Processing of Unstructured Text
Large Scale Processing of Unstructured TextDataWorks Summit
 
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionWei-Yu Chen
 
Constructing inter domain packet filters to control ip (synopsis)
Constructing inter domain packet filters to control ip (synopsis)Constructing inter domain packet filters to control ip (synopsis)
Constructing inter domain packet filters to control ip (synopsis)Mumbai Academisc
 
Hota iitd
Hota iitdHota iitd
Hota iitdPratik Narang
 
P2P Security
P2P SecurityP2P Security
P2P SecurityChittaranjan Hota
 
Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)Mumbai Academisc
 
Peer to peer Paradigms
Peer to peer ParadigmsPeer to peer Paradigms
Peer to peer Paradigmshassan ahmed
 
Tapestry
TapestryTapestry
TapestrySutha31
 
M dgx mde0mdm=
M dgx mde0mdm=M dgx mde0mdm=
M dgx mde0mdm=International Journal of Science and Research (IJSR)
 
Introduction P2p
Introduction P2pIntroduction P2p
Introduction P2pDavide Carboni
 
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS ijp2p
 
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTSCOMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTSijp2p
 
A017510102
A017510102A017510102
A017510102IOSR Journals
 
IRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT ProtocolsIRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT ProtocolsIRJET Journal
 
UNIT III DIS.pptx
UNIT III DIS.pptxUNIT III DIS.pptx
UNIT III DIS.pptxSamPrem3
 

More Related Content

What's hot

An Evaluation and Overview of Indices Based on Arabic Documents
An Evaluation and Overview of Indices Based on Arabic DocumentsAn Evaluation and Overview of Indices Based on Arabic Documents
An Evaluation and Overview of Indices Based on Arabic DocumentsIJCSEA Journal
 
Replay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsReplay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsDETER-Project
 
WoSC19: Serverless Workflows for Indexing Large Scientific Data
WoSC19: Serverless Workflows for Indexing Large Scientific DataWoSC19: Serverless Workflows for Indexing Large Scientific Data
WoSC19: Serverless Workflows for Indexing Large Scientific DataUniversity of Chicago
 
A Modified Technique For Performing Data Encryption & Data Decryption
A Modified Technique For Performing Data Encryption & Data DecryptionA Modified Technique For Performing Data Encryption & Data Decryption
A Modified Technique For Performing Data Encryption & Data DecryptionIJERA Editor
 
Computing Outside The Box June 2009
Computing Outside The Box June 2009Computing Outside The Box June 2009
Computing Outside The Box June 2009Ian Foster
 
Share and analyze geonomic data at scale by Andy Petrella and Xavier Tordoir
Share and analyze geonomic data at scale by Andy Petrella and Xavier TordoirShare and analyze geonomic data at scale by Andy Petrella and Xavier Tordoir
Share and analyze geonomic data at scale by Andy Petrella and Xavier TordoirSpark Summit
 
mcubed london - data science at the edge
mcubed london - data science at the edgemcubed london - data science at the edge
mcubed london - data science at the edgeSimon Elliston Ball
 
Large Scale Processing of Unstructured Text
Large Scale Processing of Unstructured TextLarge Scale Processing of Unstructured Text
Large Scale Processing of Unstructured TextDataWorks Summit
 

What's hot (8)

An Evaluation and Overview of Indices Based on Arabic Documents
An Evaluation and Overview of Indices Based on Arabic DocumentsAn Evaluation and Overview of Indices Based on Arabic Documents
An Evaluation and Overview of Indices Based on Arabic Documents
 
Replay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network TestbedsReplay of Malicious Traffic in Network Testbeds
Replay of Malicious Traffic in Network Testbeds
 
WoSC19: Serverless Workflows for Indexing Large Scientific Data
WoSC19: Serverless Workflows for Indexing Large Scientific DataWoSC19: Serverless Workflows for Indexing Large Scientific Data
WoSC19: Serverless Workflows for Indexing Large Scientific Data
 
A Modified Technique For Performing Data Encryption & Data Decryption
A Modified Technique For Performing Data Encryption & Data DecryptionA Modified Technique For Performing Data Encryption & Data Decryption
A Modified Technique For Performing Data Encryption & Data Decryption
 
Computing Outside The Box June 2009
Computing Outside The Box June 2009Computing Outside The Box June 2009
Computing Outside The Box June 2009
 
Share and analyze geonomic data at scale by Andy Petrella and Xavier Tordoir
Share and analyze geonomic data at scale by Andy Petrella and Xavier TordoirShare and analyze geonomic data at scale by Andy Petrella and Xavier Tordoir
Share and analyze geonomic data at scale by Andy Petrella and Xavier Tordoir
 
mcubed london - data science at the edge
mcubed london - data science at the edgemcubed london - data science at the edge
mcubed london - data science at the edge
 
Large Scale Processing of Unstructured Text
Large Scale Processing of Unstructured TextLarge Scale Processing of Unstructured Text
Large Scale Processing of Unstructured Text
 

Similar to Hades_poster_Comad

Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionWei-Yu Chen
 
Constructing inter domain packet filters to control ip (synopsis)
Constructing inter domain packet filters to control ip (synopsis)Constructing inter domain packet filters to control ip (synopsis)
Constructing inter domain packet filters to control ip (synopsis)Mumbai Academisc
 
Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)Mumbai Academisc
 
Peer to peer Paradigms
Peer to peer ParadigmsPeer to peer Paradigms
Peer to peer Paradigmshassan ahmed
 
Tapestry
TapestryTapestry
TapestrySutha31
 
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS ijp2p
 
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTSCOMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTSijp2p
 
IRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT ProtocolsIRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT ProtocolsIRJET Journal
 
UNIT III DIS.pptx
UNIT III DIS.pptxUNIT III DIS.pptx
UNIT III DIS.pptxSamPrem3
 
IPT Chapter 2 Web Services and Middleware - Dr. J. VijiPriya
IPT Chapter 2 Web Services and Middleware - Dr. J. VijiPriyaIPT Chapter 2 Web Services and Middleware - Dr. J. VijiPriya
IPT Chapter 2 Web Services and Middleware - Dr. J. VijiPriyaVijiPriya Jeyamani
 
ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detect...
ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detect...ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detect...
ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detect...Anastasija Nikiforova
 
Big Data Analytics Tokyo
Big Data Analytics TokyoBig Data Analytics Tokyo
Big Data Analytics TokyoAdam Gibson
 
Unit 3 cs6601 Distributed Systems
Unit 3 cs6601 Distributed SystemsUnit 3 cs6601 Distributed Systems
Unit 3 cs6601 Distributed SystemsNandakumar P
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection finalAkshay Bansal
 
A Survey on IPv6 Secure Link Local Communication Models, Techniques and Tools
A Survey on IPv6 Secure Link Local Communication Models, Techniques and ToolsA Survey on IPv6 Secure Link Local Communication Models, Techniques and Tools
A Survey on IPv6 Secure Link Local Communication Models, Techniques and ToolsIJARIDEA Journal
 

Similar to Hades_poster_Comad (20)

Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion DetectionCloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
Cloudslam09:Building a Cloud Computing Analysis System for Intrusion Detection
 
Constructing inter domain packet filters to control ip (synopsis)
Constructing inter domain packet filters to control ip (synopsis)Constructing inter domain packet filters to control ip (synopsis)
Constructing inter domain packet filters to control ip (synopsis)
 
Hota iitd
Hota iitdHota iitd
Hota iitd
 
P2P Security
P2P SecurityP2P Security
P2P Security
 
Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)Controlling ip spoofing through inter domain packet filters(synopsis)
Controlling ip spoofing through inter domain packet filters(synopsis)
 
Peer to peer Paradigms
Peer to peer ParadigmsPeer to peer Paradigms
Peer to peer Paradigms
 
Tapestry
TapestryTapestry
Tapestry
 
M dgx mde0mdm=
M dgx mde0mdm=M dgx mde0mdm=
M dgx mde0mdm=
 
Introduction P2p
Introduction P2pIntroduction P2p
Introduction P2p
 
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
 
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTSCOMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
COMPARATIVE STUDY OF CAN, PASTRY, KADEMLIA AND CHORD DHTS
 
A017510102
A017510102A017510102
A017510102
 
IRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT ProtocolsIRJET- Estimating Various DHT Protocols
IRJET- Estimating Various DHT Protocols
 
UNIT III DIS.pptx
UNIT III DIS.pptxUNIT III DIS.pptx
UNIT III DIS.pptx
 
IPT Chapter 2 Web Services and Middleware - Dr. J. VijiPriya
IPT Chapter 2 Web Services and Middleware - Dr. J. VijiPriyaIPT Chapter 2 Web Services and Middleware - Dr. J. VijiPriya
IPT Chapter 2 Web Services and Middleware - Dr. J. VijiPriya
 
ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detect...
ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detect...ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detect...
ShoBeVODSDT: Shodan and Binary Edge based vulnerable open data sources detect...
 
Big Data Analytics Tokyo
Big Data Analytics TokyoBig Data Analytics Tokyo
Big Data Analytics Tokyo
 
Unit 3 cs6601 Distributed Systems
Unit 3 cs6601 Distributed SystemsUnit 3 cs6601 Distributed Systems
Unit 3 cs6601 Distributed Systems
 
Anomaly detection final
Anomaly detection finalAnomaly detection final
Anomaly detection final
 
A Survey on IPv6 Secure Link Local Communication Models, Techniques and Tools
A Survey on IPv6 Secure Link Local Communication Models, Techniques and ToolsA Survey on IPv6 Secure Link Local Communication Models, Techniques and Tools
A Survey on IPv6 Secure Link Local Communication Models, Techniques and Tools
 

Recently uploaded

Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonJericReyAuditor
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 

Recently uploaded (20)

Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lesson
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 

Hades_poster_Comad

  • 1. Hades: A Hadoop-based Framework for Detection of Peer-to-Peer Botnets Pratik Narang, Abhishek Thakur, Chittaranjan Hota Birla Institute of Technology & Science – Pilani, Hyderabad Campus Hyderabad, Telangana – 5000 78, India Abstract  This paper presents Hades, a Hadoop-based framework for detection of P2P botnets in an enterprise-level network, which is distributed and scalable by design.  Our work uses the Hadoop-ecosystem to adopt a ‘host- aggregation based’ approach which aggregates behavioral metrics for each P2P host seen in network communications, and uses them to distinguish between benign P2P hosts and hosts infected by P2P botnets.  We propose a distributed data-collection architecture which can monitor inside-to-inside LAN traffic, as opposed to relying solely on the NetFlow information available at a backbone router which cannot see the LAN communications happening in the network. … Data nodes P2P bots detected Name node 2. Parse Packets with Tshark 5. Feature set evaluated against models built with Mahout 4. Host-based features extracted with Hive 3. Push data to HDFS 1. Data collection Trigger Firewall rules Distributed Systems Lab Student Hostels 0 10 20 30 40 50 60 70 80 90 100 True Positive False Positive True Positive False Positive Training Testing Botnet Benign Features extracted per host  Number of distinct destination hosts contacted  The total volume of data sent from the source host  The average of the TTL value of the packets sent from the source host Hive Queries  CREATE EXTERNAL TABLE packet_data ( timestamp DECIMAL, ip_source STRING, ip_dest STRING, ttl INT, proto INT, payload_length INT ) ROW FORMAT DELIMITED FIELDS TERMINATED BY ‘,’ LOCATION ‘/user/hdfs/PacketDump’;  CREATE TABLE host_data ( host STRING, destinations DECIMAL, avg_ttl DECIMAL, volume BIGINT ) ROW FORMAT DELIMITED FIELDS TERMINATED BY ‘,’ LINES TERMINATED BY ‘n’ STORED AS TEXTFILE;  INSERT INTO TABLE host_data SELECT ip_source, COUNT (DISTINCT ip_dest), AVG(ttl), SUM(payload_length) FROM packet_data GROUP BY ip_source; References 1. J. Zhang, R. Perdisci, W. Lee, X. Luo, and U. Sarfraz., Building a scalable system for stealthy p2p-botnet detection. Information Forensics and Security, IEEE Transactions on, 9(1):27-38, 2014. 2. T.-F. Yen and M. K. Reiter. Are your hosts trading or plotting? telling p2p file-sharing and bots apart. In Proceedings of the 2010 30th International Conference on Distributed Computing Systems, ICDCS '10, pages 241- 252. IEEE, 2010. 3. P. Narang, C. Hota, and V.N. Venkatakrishnan. Peershark: flow-clustering and conversation-generation for malicious peer-to-peer traffic identification. EURASIP Journal on Information Security, 2014(1):1-12, 2014. Results with Random Forests over Mahout This research work was supported by grants from Department of Information Technology, Government of India Datasets Data type .pcap format .csv format P2P Botnet 14 GB 6.6 GB P2P Benign 6 GB 3.9 GB