The document presents a dynamic botnet detection model based on behavior analysis. The proposed model detects P2P botnets in three phases: (1) identifying P2P nodes using an in-out degree algorithm, (2) clustering suspicious P2P nodes using k-means clustering, and (3) detecting botnets based on the stability of network flows between clustered P2P nodes. Experimental results show the approach can detect botnets with high accuracy by analyzing network traffic at the packet level to measure node connectivity and flow stability over time.
Now-a-days, Internet has become an important part of human’s life, a person
can shop, invest, and perform all the banking task online. Almost, all the organizations have
their own website, where customer can perform all the task like shopping, they only have to
provide their credit card details. Online banking and e-commerce organizations have been
experiencing the increase in credit card transaction and other modes of on-line transaction.
Due to this credit card fraud becomes a very popular issue for credit card industry, it causes
many financial losses for customer and also for the organization. Many techniques like
Decision Tree, Neural Networks, Genetic Algorithm based on modern techniques like
Artificial Intelligence, Machine Learning, and Fuzzy Logic have been already developed for
credit card fraud detection. In this paper, an evolutionary Simulated Annealing algorithm is
used to train the Neural Networks for Credit Card fraud detection in real-time scenario.
This paper shows how this technique can be used for credit card fraud detection and
present all the detailed experimental results found when using this technique on real world
financial data (data are taken from UCI repository) to show the effectiveness of this
technique. The algorithm used in this paper are likely beneficial for the organizations and
for individual users in terms of cost and time efficiency. Still there are many cases which are
misclassified i.e. A genuine customer is classified as fraud customer or vise-versa.
Botnets are emerging as the most serious threat against cyber-security as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing, and click fraud. The defining characteristic of botnets is the use of command and control channels through which they can be updated and directed. Recently, botnet detection has been an interesting research topic related to cyber-threat and cyber-crime prevention. This paper is a survey of botnet and botnet detection. The survey clarifies botnet phenomenon and discusses botnet detection techniques. This survey classifies botnet detection techniques into four classes: signature-based, anomaly-based, DNS-based, and mining-base.
Guarding Against Large-Scale Scrabble In Social NetworkEditor IJCATR
Generally, the botnet is one of the most dangerous threats in the network. It has number attackers in the network. The
attacker consists of DDOS attack, remote attack, etc., Bots perform perform repetitive tasks automatically or on a schedule over the
internet, tasks that would be too mundane or time-consuming for an actual person. But the botnets have stealthy behavior as they are
very difficult to identify. These botnets have to be identified and the internet have to be protected. Also the the activity of botnets must
be prevented to provide the users, a reliable service. The past of botnet detection has a transaction process which is not secure. A
efficient stastical data classifier is required to train the botent preventions system. To provide the above features clustering based
analysis is done. our approach can detect and profile various P2P applications rather than identifying a specific P2P application.
Anomaly based detection technique is used to obtain this goal.
Botnet Detection in Online-social NetworkRubal Sagwal
Botnet, Bot master, Command and Control Server, States for Bots, Types of attacks, most wanted bots, Botnet life cycle, botnet topology, Social botnet.
Now-a-days, Internet has become an important part of human’s life, a person
can shop, invest, and perform all the banking task online. Almost, all the organizations have
their own website, where customer can perform all the task like shopping, they only have to
provide their credit card details. Online banking and e-commerce organizations have been
experiencing the increase in credit card transaction and other modes of on-line transaction.
Due to this credit card fraud becomes a very popular issue for credit card industry, it causes
many financial losses for customer and also for the organization. Many techniques like
Decision Tree, Neural Networks, Genetic Algorithm based on modern techniques like
Artificial Intelligence, Machine Learning, and Fuzzy Logic have been already developed for
credit card fraud detection. In this paper, an evolutionary Simulated Annealing algorithm is
used to train the Neural Networks for Credit Card fraud detection in real-time scenario.
This paper shows how this technique can be used for credit card fraud detection and
present all the detailed experimental results found when using this technique on real world
financial data (data are taken from UCI repository) to show the effectiveness of this
technique. The algorithm used in this paper are likely beneficial for the organizations and
for individual users in terms of cost and time efficiency. Still there are many cases which are
misclassified i.e. A genuine customer is classified as fraud customer or vise-versa.
Botnets are emerging as the most serious threat against cyber-security as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing, and click fraud. The defining characteristic of botnets is the use of command and control channels through which they can be updated and directed. Recently, botnet detection has been an interesting research topic related to cyber-threat and cyber-crime prevention. This paper is a survey of botnet and botnet detection. The survey clarifies botnet phenomenon and discusses botnet detection techniques. This survey classifies botnet detection techniques into four classes: signature-based, anomaly-based, DNS-based, and mining-base.
Guarding Against Large-Scale Scrabble In Social NetworkEditor IJCATR
Generally, the botnet is one of the most dangerous threats in the network. It has number attackers in the network. The
attacker consists of DDOS attack, remote attack, etc., Bots perform perform repetitive tasks automatically or on a schedule over the
internet, tasks that would be too mundane or time-consuming for an actual person. But the botnets have stealthy behavior as they are
very difficult to identify. These botnets have to be identified and the internet have to be protected. Also the the activity of botnets must
be prevented to provide the users, a reliable service. The past of botnet detection has a transaction process which is not secure. A
efficient stastical data classifier is required to train the botent preventions system. To provide the above features clustering based
analysis is done. our approach can detect and profile various P2P applications rather than identifying a specific P2P application.
Anomaly based detection technique is used to obtain this goal.
Botnet Detection in Online-social NetworkRubal Sagwal
Botnet, Bot master, Command and Control Server, States for Bots, Types of attacks, most wanted bots, Botnet life cycle, botnet topology, Social botnet.
Botnets became one of the most observed and dangerous threat in the malware landscape. For this reason, it is crucial to design
techniques able to detect bot-infected hosts at dierent levels (enterprise, ISP, etc.). In this presentation, a possible taxonomy showing how different approaches to botnet detection can be categorized, enlightening the different advantages and disadvantages of the design choices. In addition, possible future research directions are presented.
Botnets gained wide visibility in the last few years, becoming one of the most observed and dangerous threats in the malware landscape. This is mainly due to the fact that botnets represents a very valuable and flexible asset in the arsenal of hackers and APTs. We’ve seen botnets becoming real cyber-weapons, capable of targeting nations and the business of famous companies. For this reason, it is crucial to design techniques able to detect bot-infected hosts at different levels (enterprise, ISP, etc.). Different kind of techniques have been studied and researched in the last years, in a never ending race between attackers and defenders. In this work a representative set of the entire literature is analyzed, enlightening the different kind of state-of-theart approaches that researchers have followed with the ultimate goal of designing effective botnet detection solutions. The objective is producing a taxonomy of the botnet detection techniques, showing possible research directions in designing new techniques to mitigate the risks associated to botnet based attacks.
Nowadays, cyber-attacks from botnets are increasing at a faster rate than any other malware spread. Detecting the botmaster who commands the tasks has become more difficult. Most of the detecting methods are based on the features of any communication protocol or the history of the network traffic. In this paper, a rational approach is brought for the live detection of the botmaster in the internal network. The victim machine monitors its packets and compromises the bots in the network and finds the traces to the botmaster. This approach works independent of the structure of the botnet, and will be a better option for online detection of the botmaster.
Detection of Botnets using Honeypots and P2P BotnetsCSCJournals
A “botnet” is a group of compromised computers connected to a network, which can be used for both recognition and illicit financial gain; controlled by an attacker (bot-herder). Among the counter measures proposed in the recent developments is the “Honeypot”. The attacker who would be aware of the Honeypot would take adequate steps to maintain the botnet, hence attack the Honeypot (Infected Honeypot). In this paper we propose a method to remove the infected Honeypot by Constructing a Peer-to-peer structured botnet which would detect the uninfected Honeypot and use it to detect botnets originally used by the attacker. Our simulation shows that this method is very effective and can detect the botnets that are intended to malign the network.
Towards botnet detection through features using network traffic classificationIJERA Editor
Botnet are becoming the most significant threat to the internet world. Botnet is the automated process of
attackers that interacts with network traffic and its services. Botnet are automatically updated into the
compromised system to collect the authenticated information. In this paper, we present a model to extract some
features which are helpful to analyze the behaviour of bot members present in the particular network traffic. On
the other hand, various superior methods are evaluated to extract weather network traffic contain bot or not. In
particularly, our evaluation shows that the particular traffic contain any bot member in their communication.
Detection of Peer-to-Peer Botnets using Graph MiningIJCNCJournal
Peer-to-Peer (P2P) botnets are significant threats to the Internet. The botnet traffic is increasing rapidly every year and impacts the entire Internet. A P2P botnet is responsible for launching various malicious activities such as DDoS attacks, click fraud attacks, stealing confidential information from bank and government websites, etc. It is challenging to detect P2P botnets because of their high resiliency against detection. This paper proposes a method that uses a network communication graph from network flow data to detect botnets. Three graph-mining techniques are used to detect bot nodes individually. The method's final result is obtained by applying an ensemble algorithm to the results of the three graph-mining techniques. A synthetic dataset from a testbed is used to assess the method's performance. In addition, the method is evaluated using a publicly available dataset. Experimental results show that the method performs with an accuracy of 99.99%, a precision of 94.29% ,and a recall of 98.02%, which is better than existing methods.
Botnets became one of the most observed and dangerous threat in the malware landscape. For this reason, it is crucial to design
techniques able to detect bot-infected hosts at dierent levels (enterprise, ISP, etc.). In this presentation, a possible taxonomy showing how different approaches to botnet detection can be categorized, enlightening the different advantages and disadvantages of the design choices. In addition, possible future research directions are presented.
Botnets gained wide visibility in the last few years, becoming one of the most observed and dangerous threats in the malware landscape. This is mainly due to the fact that botnets represents a very valuable and flexible asset in the arsenal of hackers and APTs. We’ve seen botnets becoming real cyber-weapons, capable of targeting nations and the business of famous companies. For this reason, it is crucial to design techniques able to detect bot-infected hosts at different levels (enterprise, ISP, etc.). Different kind of techniques have been studied and researched in the last years, in a never ending race between attackers and defenders. In this work a representative set of the entire literature is analyzed, enlightening the different kind of state-of-theart approaches that researchers have followed with the ultimate goal of designing effective botnet detection solutions. The objective is producing a taxonomy of the botnet detection techniques, showing possible research directions in designing new techniques to mitigate the risks associated to botnet based attacks.
Nowadays, cyber-attacks from botnets are increasing at a faster rate than any other malware spread. Detecting the botmaster who commands the tasks has become more difficult. Most of the detecting methods are based on the features of any communication protocol or the history of the network traffic. In this paper, a rational approach is brought for the live detection of the botmaster in the internal network. The victim machine monitors its packets and compromises the bots in the network and finds the traces to the botmaster. This approach works independent of the structure of the botnet, and will be a better option for online detection of the botmaster.
Detection of Botnets using Honeypots and P2P BotnetsCSCJournals
A “botnet” is a group of compromised computers connected to a network, which can be used for both recognition and illicit financial gain; controlled by an attacker (bot-herder). Among the counter measures proposed in the recent developments is the “Honeypot”. The attacker who would be aware of the Honeypot would take adequate steps to maintain the botnet, hence attack the Honeypot (Infected Honeypot). In this paper we propose a method to remove the infected Honeypot by Constructing a Peer-to-peer structured botnet which would detect the uninfected Honeypot and use it to detect botnets originally used by the attacker. Our simulation shows that this method is very effective and can detect the botnets that are intended to malign the network.
Towards botnet detection through features using network traffic classificationIJERA Editor
Botnet are becoming the most significant threat to the internet world. Botnet is the automated process of
attackers that interacts with network traffic and its services. Botnet are automatically updated into the
compromised system to collect the authenticated information. In this paper, we present a model to extract some
features which are helpful to analyze the behaviour of bot members present in the particular network traffic. On
the other hand, various superior methods are evaluated to extract weather network traffic contain bot or not. In
particularly, our evaluation shows that the particular traffic contain any bot member in their communication.
Detection of Peer-to-Peer Botnets using Graph MiningIJCNCJournal
Peer-to-Peer (P2P) botnets are significant threats to the Internet. The botnet traffic is increasing rapidly every year and impacts the entire Internet. A P2P botnet is responsible for launching various malicious activities such as DDoS attacks, click fraud attacks, stealing confidential information from bank and government websites, etc. It is challenging to detect P2P botnets because of their high resiliency against detection. This paper proposes a method that uses a network communication graph from network flow data to detect botnets. Three graph-mining techniques are used to detect bot nodes individually. The method's final result is obtained by applying an ensemble algorithm to the results of the three graph-mining techniques. A synthetic dataset from a testbed is used to assess the method's performance. In addition, the method is evaluated using a publicly available dataset. Experimental results show that the method performs with an accuracy of 99.99%, a precision of 94.29% ,and a recall of 98.02%, which is better than existing methods.
DETECTION OF PEER-TO-PEER BOTNETS USING GRAPH MININGIJCNCJournal
Peer-to-Peer (P2P) botnets are significant threats to the Internet. The botnet traffic is increasing rapidly
every year and impacts the entire Internet. A P2P botnet is responsible for launching various malicious
activities such as DDoS attacks, click fraud attacks, stealing confidential information from bank and
government websites, etc. It is challenging to detect P2P botnets because of their high resiliency against
detection. This paper proposes a method that uses a network communication graph from network flow data
to detect botnets. Three graph-mining techniques are used to detect bot nodes individually. The method's
final result is obtained by applying an ensemble algorithm to the results of the three graph-mining
techniques. A synthetic dataset from a testbed is used to assess the method's performance. In addition, the
method is evaluated using a publicly available dataset. Experimental results show that the method
performs with an accuracy of 99.99%, a precision of 94.29% ,and a recall of 98.02%, which is better than
existing methods.
Internet threats have increased manifold with the
arrival of botnets. Many organizations worldwide and the
social networks have been affected by botnets. Numerous
researches have been carried to understand the concept of
bots, C&C channels, botnet and botmasters. These botnets
have been able to update itself regularly which makes them
very difficult to be detected. The purpose of this paper is to
understand the of behavior of botnets and its affect on the
virtual world. The paper has also analyzed the types of
botnets, lifecycle and elements of botnets.
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetIDES Editor
A System state in HTTP botnet uses HTTP protocol
for the creation of chain of Botnets thereby compromising
other systems. By using HTTP protocol and port number 80,
attacks can not only be hidden but also pass through the
firewall without being detected. The DPR based detection
leads to better analysis of botnet attacks [3]. However, it
provides only probabilistic detection of the attacker and also
time consuming and error prone. This paper proposes a Genetic
algorithm based layered approach for detecting as well as
preventing botnet attacks. The paper reviews p2p firewall
implementation which forms the basis of filtering.
Performance evaluation is done based on precision, F-value
and probability. Layered approach reduces the computation
and overall time requirement [7]. Genetic algorithm promises
a low false positive rate.
Botnet detection using ensemble classifiers of network flow IJECEIAES
Recently, Botnets have become a common tool for implementing and transferring various malicious codes over the Internet. These codes can be used to execute many malicious activities including DDOS attack, send spam, click fraud, and steal data. Therefore, it is necessary to use Modern technologies to reduce this phenomenon and avoid them in advance in order to differentiate the Botnets traffic from normal network traffic. In this work, ensemble classifier algorithms to identify such damaging botnet traffic. We experimented with different ensemble algorithms to compare and analyze their ability to classify the botnet traffic from the normal traffic by selecting distinguishing features of the network traffic. Botnet Detection offers a reliable and cheap style for ensuring transferring integrity and warning the risks before its occurrence.
Public Key Cryptosystem Approach for P2P Botnet Detection and PreventionIJERA Editor
Distributed (P2P) botnets have as of late been received by botmasters for their versatility against take-down
endeavors. Other than being harder to bring down, p2p botnets tend to be stealthier in the way they perform
vindictive exercises, making current discovery approaches ineffectual. In this paper, we simulate our proposal
by detecting a gray hole attack in an Ad Hoc network using NS2.The detected malicious node is listed in a black
hole list and notices all other nodes in the network to stop communicating with them. Our botnet location
framework has been equipped for identifying stealthy P2P botnets (Gray Hole nodes) and can reduce packet loss
caused by malicious nodes and have a better packet delivery ratio (PDR) within less period of time.
lab3/cdga.zip
lab3/code.c
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <wchar.h>
void dga(int year, int month, int day)
{
char alphabets[]={'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'};
printf("domain is syn-%c%c%c.com\n",alphabets[year-2000],alphabets[month*2],alphabets[10]);
}
int main()
{
char test[]="Simple DGA example for CIT406";
SYSTEMTIME st;
GetLocalTime(&st);
dga(st.wYear, st.wMonth, st.wDay);
return 0;
}
lab3/Domain Generation Algorithm Reverse Engineering.docx
Scenario:
The university has caught a malware operator on campus and found a domain generating algorithm (DGA) on the campus-owned computer which this person was using. The campus has asked you to figure out how it works so that they can potentially use the command and control server for research like is described here in the attached pdf. (Attached in folder)
The file you will need to figure out is here (this is written in the computer language C, not malware) (this file is attached in folder).
One way to find out how something works is using IDA in Kali Linux information about kali can be found here: kali.org. Some basic stuff about IDA can be found here:
http://securityxploded.com/reversing-basics-ida-pro.php (Links to an external site.). These resources will not be sufficient to get you all the way through the lab, because they were not designed as a step by step walkthrough of the lab, you will need to take the knowledge from these resources and others that you find to complete the lab.
I attached the exe file. You have to unzip the file. The exe file has to be run from command line (in a SAFE environment i.e. a virtual machine).
When reverse engineering the exe file, you should be looking at _dga/dga function. You can use IDA Pro. (The .exe file is attached in folder)
For this lab, you will need to: find out what you can from the files attached, following a lab report format outlined which is abstract, discussion, and conclusion. Take a lot of screenshots
lab3/stone-gross+cova+cavallaro+gilbert+szydlowski+kemmerer+kruegel+vigna+yourBotnetIsMyBotnet.pdf
Your Botnet is My Botnet: Analysis of a Botnet Takeover
Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski,
Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna
Department of Computer Science, University of California, Santa Barbara
{bstone,marco,sullivan,rgilbert,msz,kemm,chris,vigna}@cs.ucsb.edu
ABSTRACT
Botnets, networks of malware-infected machines that are controlled
by an adversary, are the root cause of a large number of security
problems on the Internet. A particularly sophisticated and insidi-
ous type of bot is Torpig, a malware program that is designed to
harvest sensitive information (such as bank account and credit card
data) from its victims. In this paper, we report on our effo ...
Botminer Clustering Analysis Of Network Traffic For Protocol And Structure...ncct
final Year Projects, Final Year Projects in Chennai, Software Projects, Embedded Projects, Microcontrollers Projects, DSP Projects, VLSI Projects, Matlab Projects, Java Projects, .NET Projects, IEEE Projects, IEEE 2009 Projects, IEEE 2009 Projects, Software, IEEE 2009 Projects, Embedded, Software IEEE 2009 Projects, Embedded IEEE 2009 Projects, Final Year Project Titles, Final Year Project Reports, Final Year Project Review, Robotics Projects, Mechanical Projects, Electrical Projects, Power Electronics Projects, Power System Projects, Model Projects, Java Projects, J2EE Projects, Engineering Projects, Student Projects, Engineering College Projects, MCA Projects, BE Projects, BTech Projects, ME Projects, MTech Projects, Wireless Networks Projects, Network Security Projects, Networking Projects, final year projects, ieee projects, student projects, college projects, ieee projects in chennai, java projects, software ieee projects, embedded ieee projects, "ieee2009projects", "final year projects", "ieee projects", "Engineering Projects", "Final Year Projects in Chennai", "Final year Projects at Chennai", Java Projects, ASP.NET Projects, VB.NET Projects, C# Projects, Visual C++ Projects, Matlab Projects, NS2 Projects, C Projects, Microcontroller Projects, ATMEL Projects, PIC Projects, ARM Projects, DSP Projects, VLSI Projects, FPGA Projects, CPLD Projects, Power Electronics Projects, Electrical Projects, Robotics Projects, Solor Projects, MEMS Projects, J2EE Projects, J2ME Projects, AJAX Projects, Structs Projects, EJB Projects, Real Time Projects, Live Projects, Student Projects, Engineering Projects, MCA Projects, MBA Projects, College Projects, BE Projects, BTech Projects, ME Projects, MTech Projects, M.Sc Projects, Final Year Java Projects, Final Year ASP.NET Projects, Final Year VB.NET Projects, Final Year C# Projects, Final Year Visual C++ Projects, Final Year Matlab Projects, Final Year NS2 Projects, Final Year C Projects, Final Year Microcontroller Projects, Final Year ATMEL Projects, Final Year PIC Projects, Final Year ARM Projects, Final Year DSP Projects, Final Year VLSI Projects, Final Year FPGA Projects, Final Year CPLD Projects, Final Year Power Electronics Projects, Final Year Electrical Projects, Final Year Robotics Projects, Final Year Solor Projects, Final Year MEMS Projects, Final Year J2EE Projects, Final Year J2ME Projects, Final Year AJAX Projects, Final Year Structs Projects, Final Year EJB Projects, Final Year Real Time Projects, Final Year Live Projects, Final Year Student Projects, Final Year Engineering Projects, Final Year MCA Projects, Final Year MBA Projects, Final Year College Projects, Final Year BE Projects, Final Year BTech Projects, Final Year ME Projects, Final Year MTech Projects, Final Year M.Sc Projects, IEEE Java Projects, ASP.NET Projects, VB.NET Projects, C# Projects, Visual C++ Projects, Matlab Projects, NS2 Projects, C Projects, Microcontroller Projects, ATMEL Projects, PIC Projects, ARM Projects, DSP Projects, VLSI Projects, FPGA Projects, CPLD Projects, Power Electronics Projects, Electrical Projects, Robotics Projects, Solor Projects, MEMS Projects, J2EE Projects, J2ME Projects, AJAX Projects, Structs Projects, EJB Projects, Real Time Projects, Live Projects, Student Projects, Engineering Projects, MCA Projects, MBA Projects, College Projects, BE Projects, BTech Projects, ME Projects, MTech Projects, M.Sc Projects, IEEE 2009 Java Projects, IEEE 2009 ASP.NET Projects, IEEE 2009 VB.NET Projects, IEEE 2009 C# Projects, IEEE 2009 Visual C++ Projects, IEEE 2009 Matlab Projects, IEEE 2009 NS2 Projects, IEEE 2009 C Projects, IEEE 2009 Microcontroller Projects, IEEE 2009 ATMEL Projects, IEEE 2009 PIC Projects, IEEE 2009 ARM Projects, IEEE 2009 DSP Projects, IEEE 2009 VLSI Projects, IEEE 2009 FPGA Projects, IEEE 2009 CPLD Projects, IEEE 2009 Power Electronics Projects, IEEE 2009 Electrical Projects, IEEE 2009 Robotics Projects, IEEE 2009 Solor Projects, IEEE 2009 MEMS Projects, IEEE 2009 J2EE P
Wireless sensor networks (WSN) have been widely used in various applications.
In these networks nodes collect data from the attached sensors and send their data to a base
station. However, nodes in WSN have limited power supply in form of battery so the nodes
are expected to minimize energy consumption in order to maximize the lifetime of WSN. A
number of techniques have been proposed in the literature to reduce the energy
consumption significantly. In this paper, we propose a new clustering based technique
which is a modification of the popular LEACH algorithm. In this technique, first cluster
heads are elected using the improved LEACH algorithm as usual, and then a cluster of
nodes is formed based on the distance between node and cluster head. Finally, data from
node is transferred to cluster head. Cluster heads forward data, after applying aggregation,
to the cluster head that is closer to it than sink in forward direction or directly to the sink.
This reduction in distance travelled improves the performance over LEACH algorithm
significantly.
The next generation wireless networks comprises of mobile users moving
between heterogeneous networks, using terminals with multiple access interfaces and
services. The most important issue in such environment is ABC (Always Best Connected) i.e.
allowing the best connectivity to applications anywhere at any time. For always best
connectivity requirement various vertical handover strategies for decision making have
been proposed. This paper provides an overview of the most interesting and recent
strategies.
This paper presents the design and performance comparison of a two stage
operational amplifier topology using CMOS and BiCMOS technology. This conventional op
amp circuit was designed by using RF model of BSIM3V3 in 0.6 μm CMOS technology and
0.35 μm BiCMOS technology. Both the op amp circuits were designed and simulated,
analyzed and performance parameters are compared. The performance parameters such as
gain, phase margin, CMRR, PSRR, power consumption etc achieved are compared. Finally,
we conclude the suitability of CMOS technology over BiCMOS technology for low power
RF design.
In Cognitive Radio Networks (CRN), Cooperative Spectrum Sensing (CSS) is
used to improve performance of spectrum sensing techniques used for detection of licensed
(Primary) user’s signal. In CSS, the spectrum sensing information from multiple unlicensed
(Secondary) users are combined to take final decision about presence of primary signal. The
mixing techniques used to generate final decision about presence of PU’s signal are also
called as Fusion techniques / rules. The fusion techniques are further classified as data
fusion and decision fusion techniques. In data fusion technique all the secondary users
(SUs) share their raw information of spectrum detection like detected energy or other
statistical information, while in decision fusion technique all the SUs take their local
decisions and share the decision by sending ‘0’ or ‘1’ corresponding to absence and presence
of PU’s signal respectively. The rules used in decision fusion techniques are OR rule, AND
rule and K-out-of-N rule. The CSS is further classified as distributed CSS and centralized
CSS. In distributed CSS all the SUs share the spectrum detection information with each
other and by mixing the shared information; all the SUs take final decision individually. In
centralized CSS all the SUs send their detected information to a secondary base station /
central unit which combines the shared information and takes final decision. The secondary
base station shares the final decision with all the SUs in the CRN. This paper covers
overview of information fusion methods used for CSS and analysis of decision fusion rules
with simulation results.
ZigBee has been developed to support lower data rates and low power consuming
applications. This paper targets to analyze various parameters of ZigBee physical (PHY).
Performance of ZigBee PHY is evaluated on the basis of energy consumption in
transmitting and receiving mode and throughput. Effect of variation in network size is
studied on these performance attributes. Some modulation schemes are also compared and
the best modulation scheme is suggested with tradeoffs between different performance
metrics.
This paper gives a brief idea of the moving objects tracking and its application.
In sport it is challenging to track and detect motion of players in video frames. Task
represents optical flow analysis to do motion detection and particle filter to track players
and taking consideration of regions with movement of players in sports video. Optical flow
vector calculation gives motion of players in video frame. This paper presents improved
Luacs Kanade algorithm explained for optical flow computation for large displacement and
more accuracy in motion estimation.
A rapid progress is seen in the field of robotics both in educational and industrial
automation sectors. The Robotics education in particular is gaining technological advances
and providing more learning opportunities. In automotive sector, there is a necessity and
demand to automate daily human activities by robot. With such an advancement and
demand for robotics, the realization of a popular computer game will help students to learn
and acquire skills in the field of robotics. The computer game such as Pacman offers
challenges on both software and hardware fronts. In software, it provides challenges in
developing algorithms for a robot to escape from the pool of attacking robots and to develop
algorithms for multiple ghost robots to attack the Pacman. On the hardware front, it
provides a challenge to integrate various systems to realize the game. This project aims to
demonstrate the pacman game in real world as well as in simulation. For simulation
purpose Player/Stage is used to develop single-client and multi-client architectures. The
multi- client architecture in player/stage uses one global simulation proxy to which all the
robot models are connected. This reduces the overhead to manage multiple robots proxy.
The single-client architecture enables only two robot models to connect to the simulation
proxy. Multi-client approach offers flexibility to add sensors to each port which will be used
distinctly by the client attached to the respective robot. The robots are named as Pacman
and Ghosts, which try to escape and attack respectively. Use of Network Camera has been
done to detect the global positions of the robots and data is shared through inter-process
communication.
In Content-Based Image Retrieval (CBIR) systems, the visual contents of the
images in the database are took out and represented by multi-dimensional characteristic
vectors. A well known CBIR system that retrieves images by unsupervised method known
as cluster based image retrieval system. For enhancing the performance and retrieval rate
of CBIR system, we fuse the visual contents of an image. Recently, we developed two
cluster-based CBIR systems by fusing the scores of two visual contents of an image. In this
paper, we analyzed the performance of the two recommended CBIR systems at different
levels of precision using images of varying sizes and resolutions. We also compared the
performance of the recommended systems with that of the other two existing CBIR systems
namely UFM and CLUE. Experimentally, we find that the recommended systems
outperform the other two existing systems and one recommended system also comparatively
performed better in every resolution of image.
Information Systems and Networks are subjected to electronic attacks. When
network attacks hit, organizations are thrown into crisis mode. From the IT department to
call centers, to the board room and beyond, all are fraught with danger until the situation is
under control. Traditional methods which are used to overcome these threats (e.g. firewall,
antivirus software, password protection etc.) do not provide complete security to the system.
This encourages the researchers to develop an Intrusion Detection System which is capable
of detecting and responding to such events. This review paper presents a comprehensive
study of Genetic Algorithm (GA) based Intrusion Detection System (IDS). It provides a
brief overview of rule-based IDS, elaborates the implementation issues of Genetic Algorithm
and also presents a comparative analysis of existing studies.
Step by step operations by which we make a group of objects in which attributes
of all the objects are nearly similar, known as clustering. So, a cluster is a collection of
objects that acquire nearly same attribute values. The property of an object in a cluster is
similar to other objects in same cluster but different with objects of other clusters.
Clustering is used in wide range of applications like pattern recognition, image processing,
data analysis, machine learning etc. Nowadays, more attention has been put on categorical
data rather than numerical data. Where, the range of numerical attributes organizes in a
class like small, medium, high, and so on. There is wide range of algorithm that used to
make clusters of given categorical data. Our approach is to enhance the working on well-
known clustering algorithm k-modes to improve accuracy of algorithm. We proposed a new
approach named “High Accuracy Clustering Algorithm for Categorical datasets”.
Brain tumor is a malformed growth of cells within brain which may be
cancerous or non-cancerous. The term ‘malformed’ indicates the existence of tumor. The
tumor may be benign or malignant and it needs medical support for further classification.
Brain tumor must be detected, diagnosed and evaluated in earliest stage. The medical
problems become grave if tumor is detected at the later stage. Out of various technologies
available for diagnosis of brain tumor, MRI is the preferred technology which enables the
diagnosis and evaluation of brain tumor. The current work presents various clustering
techniques that are employed to detect brain tumor. The classification involves classification
of images into normal and malformed (if detected the tumor). The algorithm deals with
steps such as preprocessing, segmentation, feature extraction and classification of MR brain
images. Finally, the confirmatory step is specifying the tumor area by technique called
region of interest.
A Proxy signature scheme enables a proxy signer to sign a message on behalf of
the original signer. In this paper, we propose ECDLP based solution for chen et. al [1]
scheme. We describe efficient and secure Proxy multi signature scheme that satisfy all the
proxy requirements and require only elliptic curve multiplication and elliptic curve addition
which needs less computation overhead compared to modular exponentiations also our
scheme is withstand against original signer forgery and public key substitution attack.
Water marking has been proposed as a method to enhance data security. Text
water marking requires extreme care when embedding additional data within the images
because the additional information must not affect the image quality. Digital water marking
is a method through which we can authenticate images, videos and even texts. Add text
water mark and image water mark to your photos or animated image, protect your
copyright avoid unauthorized use. Water marking functions are not only authentication, but
also protection for such documents against malicious intentions to change such documents
or even claim the rights of such documents. Water marking scheme that hides water
marking in method, not affect the image quality. In this paper method of hiding a data using
LSB replacement technique is proposed.
Today among various medium of data transmission or storage our sensitive data
are not secured with a third-party, that we used to take help of. Cryptography plays an
important role in securing our data from malicious attack. This paper present a partial
image encryption based on bit-planes permutation using Peter De Jong chaotic map for
secure image transmission and storage. The proposed partial image encryption is a raw data
encryption method where bits of some bit-planes are shuffled among other bit-planes based
on chaotic maps proposed by Peter De Jong. By using the chaotic behavior of the Peter De
Jong map the position of all the bit-planes are permuted. The result of the several
experimental, correlation analysis and sensitivity test shows that the proposed image
encryption scheme provides an efficient and secure way for real-time image encryption and
decryption.
This paper presents a survey of Dependency Analysis of Service Oriented
Architecture (SOA) based systems. SOA presents newer aspects of dependency analysis due
to its different architectural style and programming paradigm. This paper surveys the
previous work taken on dependency analysis of service oriented systems. This study shows
the strengths and weaknesses of current approaches and tools available for dependency
analysis task in context of SOA. The main motivation of this work is to summarize the
recent approaches in this field of research, identify major issue and challenges in
dependency analysis of SOA based systems and motivate further research on this topic.
In this paper, proposed a novel implementation of a Soft-Core system using
micro-blaze processor with virtex-5 FPGA. Till now Hard-Core processors are used in
FPGA processor cores. Hard cores are a fixed gate-level IP functions within the FPGA
fabrics. Now the proposed processor is Soft-Core Processor, this is a microprocessor fully
described in software, usually in an HDL. This can be implemented by using EDK tool. In
this paper, developed a system which is having a micro-blaze processor is the combination
of both hardware & Software. By using this system, user can control and communicate all
the peripherals which are in the supported board by using Xilinx platform to develop an
embedded system. Implementing of Soft-Core process system with different peripherals like
UART interface, SPA flash interface, SRAM interface has to be designed using Xilinx
Embedded Development Kit (EDK) tools.
The article presents a simple algorithm to construct minimum spanning tree and
to find shortest path between pair of vertices in a graph. Our illustration includes the proof
of termination. The complexity analysis and simulation results have also been included.
Wimax technology has reshaped the framework of broadband wireless internet
service. It provides the internet service to unconnected or detached areas such as east South
Africa, rural areas of America and Asia region. Full duplex helpers employed with one of
the relay stations selection and indexing method that is Randomized Distributed Space Time
are used to expand the coverage area of primary Wimax station. The basic problem was
identified at cell edge due to weather conditions (rain, fog), insertion of destruction because
of multiple paths in the same communication channel and due to interference created by
other users in that communication. It is impractical task for the receiver station to decode
the transmitted signal successfully at the cell edges, which increases the high packet loss and
retransmissions. But Wimax is a outstanding technology which is used for improving the
quality of internet service and also it offers various services like Voice over Internet
Protocol, Video conferencing and Multimedia broadcast etc where a little delay in packet
transmission can cause a big loss in the communication. Even setup and initialization of
another Wimax station nearer to each other is not a good alternate, where any mobile
station can easily handover to another base station if it gets a strong signal from other one.
But in rural areas, for few numbers of customers, installation of base station nearer to each
other is costlier task. In this review article, we present a scheme using R-DSTC technique to
choose and select helpers (relay nodes) randomly to expand the coverage area and help to
mobile station as a helper to provide secure communication with base station. In this work,
we use full duplex helpers for better utilization of bandwidth.
Radio Frequency identification (RFID) technology has become emerging
technique for tracking and items identification. Depend upon the function; various RFID
technologies could be used. Drawback of passive RFID technology, associated to the range
of reading tags and assurance in difficult environmental condition, puts boundaries on
performance in the real life situation [1]. To improve the range of reading tags and
assurance, we consider implementing active backscattering tag technology. For making
mobiles of multiple radio standards in 4G network; the Software Defined Radio (SDR)
technology is used. Restrictions in Existing RFID technologies and SDR technology, can be
eliminated by the development and implementation of the Software Defined Radio (SDR)
active backscattering tag compatible with the EPC global UHF Class 1 Generation 2 (Gen2)
RFID standard. Such technology can be used for many of applications and services.
Vehicle technology has increased rapidly in recent years, particularly in relation
to braking system and sensing system. In parallel to the development of braking
technologies, sensors have been developed that are capable of detecting physical obstacles,
other vehicles or pedestrians around the vehicle. This development prevents accidents of
vehicles using Stereo Multi-Purpose cameras, Automated Emergency Braking Systems and
Ultrasonic Sensors. The stereo multi-purpose camera provides spatial intelligence of up to
50 metres in front of the vehicle and there is an environment recognition of 500 metres.
Cars can automatically brake due to obstacles or any hindrance when the sensor senses the
obstacles. The braking circuit function is to brake the car automatically after receiving
signal from the sensors. All cars are competent in applying brakes automatically to a
maximum extent of deceleration of 0.4g. Integrated safety systems are based on three
principles. They are: collision avoidance, collision mitigation braking systems and forward
collision warning.
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
A review of the growth of the Israel Genealogy Research Association Database Collection for the last 12 months. Our collection is now passed the 3 million mark and still growing. See which archives have contributed the most. See the different types of records we have, and which years have had records added. You can also see what we have for the future.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
How to Add Chatter in the odoo 17 ERP ModuleCeline George
In Odoo, the chatter is like a chat tool that helps you work together on records. You can leave notes and track things, making it easier to talk with your team and partners. Inside chatter, all communication history, activity, and changes will be displayed.
A workshop hosted by the South African Journal of Science aimed at postgraduate students and early career researchers with little or no experience in writing and publishing journal articles.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
it describes the bony anatomy including the femoral head , acetabulum, labrum . also discusses the capsule , ligaments . muscle that act on the hip joint and the range of motion are outlined. factors affecting hip joint stability and weight transmission through the joint are summarized.
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
2. propagate from one system/network to other system/network [2]. A botnet enrolls its soldiers using social
engineering techniques or by exploiting software vulnerabilities.
In a decentralized architecture (P2P-based) there is no central point for communication. In this format of
structure the bots can act as either client or server or both [5]. Each bot is connected to some other bots of the
botnet. In this architecture botmaster can inject commands to a bot and afterwards this bot can broadcast it to
all other nodes in the network. Since decentralized botnet allows commands to be injected at any node in the
network, authentication of commands become essential to prevent other nodes from injecting incorrect
commands. So P2P- based botnet model impose a bigger challenge for defense of network [7]. Table.1 shows
different classifications of botnet based on their topological structure and some of their comparison
parameters.
TABLE I. C OMPARISON OF COMMAND AND CONTROL TOPOLOGIES
Design
Complexity
Delectability
Centralized
Low
Medium
Low
Low
Decentralized
Medium
Low
Medium
Medium
Unstructured
Low
High
High
High
Topology
Message
Latency
Survivability
This paper is presented a decentralized botnet detection model which is based on in-out degree of a node,
clustering and stability of a flow. The output of one module is input for the next module. In-out degree of a
node is useful to identify P2P node from a network. Because now adays attackers used decentralized
architecture so it is necessary to identify P2P node. After this module, clustering algorithm is used which is
based on association degree and distance between a pair of node. Finally botnet detection procedure has been
used to determine bots in a network. Because all the bots have higher symmetricity in order to get command
and in response. So packets related to bots are more stable than normal client packets.
The rest of the paper is organized as follows: Section II provides related works in the field of botnets. Section
III describes proposed botnet detection model and section IV concludes our work.
II. RELATED WORK
A botnet is a collection of zombie computers called bots. A bot is a compromised end computer, which might
be infected by malwares such as Trojan horses, backdoor, spywares and worms [16]. Bots will allow the
compromised computer to be controlled by the remote attacker i.e. Botmaster in the network. The botmaster
can act as head so that he/she is responsible for controlling and also issuing commands to launch many
different illegal criminal activities. In 1993, Eggdrop the first Internet Relay Chat (IRC) bot was developed to
automate IRC management activities [17]. These kinds of tools attract the hackers to write IRC-based
malicious botnets. Thereafter, more advanced botnets such as HTTP botnets and P2P botnets [11] [18] were
continued to appear.
In [3] [6], the authors discussed the impact of botnet attacks to computer world. Also they discussed the
methods to create botnet, propagation and communication technique, and protocols being used. An excellent
botnet tracking tool named Honeypot is used to monitor and understand the behavior of the bot operations
[4].
Yukiko Sawaya et al., [8] presented a flow-based attacker detection method which detect attackers (Nuisance
attackers, Simple attackers and Obvious attackers) without predefined blacklist/white list hosts. In their work,
they collected and analyzed traffic flows related to the object port (open port) and decoy port (closed port).
Since they used flow-based approach, attacks that were injected in payload would not be identified.
Alirena Shahrestani et al., [9] proposed visualization techniques which enhance the visibility of network
traffic related to invariant bot behaviors and provide notification of existence of bots. The main advantage
of this system is that visualized information is easier to be processed and for user it is easy to gain useful
knowledge about bot existence in a network. Their technique will be used to visualize a limited set of
invariant bot behavior (like fast response time, small size command etc.
105
3. Hsiao et al., [12] proposed a method which applied flow correlation for grouping the same activities of same
bots and then scoring technique to identify normal IRC and abnormal IRC behaviors. The authors of [10]
proposed a P2P botnet detection framework which is based on association between common P2P networks
behaviors and host behaviors. This mechanism not only detects known P2P botnet with a high detection rate
but also some unknown P2P malwares. This method deals with some problems such as data encryption, route
selection, communication behaviors.
S. Zander et al., [13] Proposed P2P traffic identification based on the signature of the key packets. Their
approach identified P2P flows on real-time traffic management and monitoring and based on signature of the
key packets, flow attributes and extracting signature from P2P flows. This approach has Low computational
complexity but generates false alarms if bots traffic is encrypted.
Yousof Al Hammadi et al., [14] proposed a behavioral correlation method for detecting P2P bots. Detection
of P2P botnet has been done using Log files analysis and by correlating bot behavioral attributes. Though
their method reduces false alarm, threshold to detection malicious process is unidentified.
In [15], a method to detect botnet based on flow based approach, packet sampling, payload based and pattern
matching has been proposed. It is a logical chance for high speed network. But absence of payload has to be
perceived.
III. PROPOSED WORK
A. System Architecture of Proposed Framework
The proposed System architecture given in Figure 1 contains the five modules, namely, packet capturing,
filtering, P2P node detection, clustering, and botnet detection. In this architecture it is clear that the input of
the next stage is the output of the previous stage.
Figure1. P2P botnet detection model
The dataset about the network is analyzed such that the packets flow in the network is captured using
wireshark tool in the server machine by making the network interface card as a promiscuous mode and the
sniffing is carried out. This captures the flow of packet passes through the server machine. The packet
captured is stored as a PCAP file in the database. The dataset may have infected host details as well as
uninfected host details in the network. For capturing packets we used wireshark tool. Wireshark is a free and
open source packet analyzer. Wireshark has graphical front end and plus some integrating storing and
filtering option. Wireshark has rich features set e.g. deep inspection of hundreds of hundreds of protocol,
multi platform, read/write many different capture file format etc.
Filtering module is responsible for filtering out unrelated traffic flows. Additionally it is responsible to filter
out packets into either legitimate or suspected from the network so that only the packets, which we want to
analyze are available in the network. So this stage reduces the traffic workloads.
Since goal of proposed system is to identify p2p botnet (decentralized bots) in a network, the first step is to
identify p2p nodes in the network. i.e. after filter out legitimate packets, it is necessary to check how many
nodes in a network received packet or message from other nodes. If any node in a network received botnet
packet then according to the definition of P2P botnet, these bots broadcast command or message to the
nearest nodes in the network or they find out victim nodes in the network. So at any particular time the nodes
106
4. incoming degree or outgoing degree which we call it as in-out degree is more. By using these related
concepts, we implemented a new algorithm, called In-Out Degree Algorithm (IODA) which will find P2P
nodes in the network. The number of P2P-nodes in the network can be identified based on the in-out degree
of a node.
The next step is to cluster these P2P nodes. It is based on similar behavior or similar communication. The
clustering has been done to identify the malicious peer in the network. K-Means Clustering Algorithm
(KMCA) has been used for P2P-node clustering. In this algorithm the node at the center is taken as a median
and then the next nearest node will be grouped and clustered as one node. The clustering can be made by
means of behavior of the node. Once the behavior value of the node differs from the normal one in the
cluster, then the node will be identified as suspicious node. The clustering can be made for the similar
behavior of the node that has been clustered. Then the dissimilar node can be grouped as one cluster and
these nodes will be analyzed in order to detect whether the node is a malicious one or not.
Finally P2P botnet traces are identified. This module uses Botnet Stability Detection Algorithm (BSDA) to
detect p2p bots in a network. The input for BSDA algorithm is the output of p2p clustering algorithm. In
BSDA algorithm, stability refers to the whether flows (in the context of botnet detection model flow refers to
the packets which contains information about the control and command packets i.e. information about size of
packets, timing information, same protocols etc.) are stable or unstable. If flows are stable it implies p2p
nodes are exchanging control or command packets to other nodes and accordingly definition of p2p bots,
these nodes are consider as a p2p botnet nodes. On the other hand if flows are unstable it implies p2p nodes
are exchanging packets other than C&C packets and these are not a p2p botnet nodes. The detection of the
botnet can be made by analyzing the control flow stability of a certain port such as UDP port. We can extract
control flows from bot traffic by collecting all flows on the selected UDP port.
B. P2P Node Detection
The algorithm for P2P node detection is based on in-out degree of a node. The in-out degree of a node ‘s’ is
within the set s(i) the number of members connected in a set to the total number of members in the set which
satisfies the condition.
Calculation of In-Out Degree of a Node S:
In-out degree of a node S is represented as IO(S)
Step 1: In a given specified time, collect the subset of nodes. Suppose, in time duration T, we collect subset
of nodes (samples of nodes) m times.
Step 2: Now for each subset of nodes, calculate the number of connections formed by each node. In ‘m’
subsets, number of connection formed by node S is N(m). So total number of connections formed by a node
S in all subsets = N (1) +N (2) +------------+N(m).
Average number of connections formed by
a node S in all m subsets (avg (S)) is N(1)+N(2)+----------+N(m) / m.
Step 3: In-out degree of a node S, in ith subset is defined as the total number of connections of a node S in ith
subset to the average number of connection of a node S in all subsets i.e. In-out degree IO(S(i)) = N(i)/ avg
(S). For each subset, we calculate the In-out degree of a node S. Let these degrees be (IOS(1),IOS(2)----------------IOS(m)) corresponding to every subset.
Step 4: Maximum In-out degree of a node S is
IO{S(max)}=MAX(IO{S(1)},IO{S(2)}-------IO{S(m)}).
Step 5: IO{S(maxx)} =IO{S(max)} * x%.
IO{S(minn)} = IO{S(max)} * y%. Where x and y are
constant. The value for x is 0.9 and y is 0.4.
Step 6: Now we define two sets:Set (1) = { IO{S(i)} /IO {S(i)} > IO{S(maxx)}}.
Where NOM (1) = number of members of that set.
Set (2) = {IO{S(i)}/IO {S(i)} < IO{S(minn)}}.
Where NOM (2) = number of members of that set.
Step 7: The In-out degree of a node S
IO(S) = NOM (2) / NOM (1).
Algorithm for p2p node detection (IODA)
Input: Set of In-out degree of a
node s in all m subset = ( IOS(1), IOS(2)-----------------IOS(m));
Initialize:IO{S(max)},IO{S(maxx)}, IO{S(minn)} NOM (1), NOM (2).
Begin
For i=1 to m do
If IO{S(i)} > IO{S(maxx)}, then
NOM (1) ++;
End;
If IO{S(i)} < IO{S(minn)}, then
107
5. NOM (2) --;
End;
End;
IO(S) = NOM (2) / NOM (1).
If IO(S) > S (IO)
Then node S is P2P node.
End;
End;
The values of S(IO) are the statistics characteristics of IO degree of a node, which we have derived from the
sample nodes.
C. P2P Node Clustering
For P2P node clustering, we used k-means algorithm which is based on association degree and distance
between a pair of nodes. K-means clustering is a method of cluster analysis which aims to partition n
observations into k clusters, in which each cluster belongs to the nearest mean.
Association degree of a pair of nodes [N(1,2) ] is
AD(1,2) = K(1) * [N(1,2)]+N(2,1)] + K(2) * T.
Where N(1,2) = number of packages that node 1 sent to node 2. N(2,1) = number of packages that node 2
sent to node 1. T= time of the connection between a pair of nodes (1,2) in the same period. K(1) and K(2) =
constant. Harmonious degree of a pair of nodes [N(1,2)] is
HD(1,2) = [N(1,2)+ N(2,1)] /ABS [N(1,2)
- N(2,1)].
The distance between a pair of nodes [N(1,2)] is
D(1,2) = 1 / [CD(1,2)].
The basic steps of KMCA algorithm are:
1.
Specify k points as the initial centroids.
2.
Repeat
3.
Form k clusters by assigning all points to the closet centroid.
4.
Recomputed the centroid of each cluster.
5. Until the centroids don’t change.
// specified k points as the initial centroids. //.
Step 1:- Select the initial-node of the C
categories (N1)1 , (N2)1 , (N3)1 ………. (NC)1. Let K=1.
// Repeat step 2, 3 and 4 till
(NJ)K+1 = (NJ)K //
Step 2:- Categorize all sampling nodes X into one specific category by K
times iteration.
If D[X(NJ)K] = min (1<J<K) D[X(NI)K ] Then X є (SJ)K, Where (SJ)K is the
K
set with center node (NJ) , where=1,2,3…………….C.
//recomputed the centroid of each
cluster. //
Step 3:- Use the category (SJ)K which obtained in step2 to update the
center node (NJ)K+1 of J category, until ∑J=1 to C ∑ X є (SJ)KD2 X(NJ)K+1 to be minimum value.
//
until the centroids don’t change. //
Step 4:- With all J=1,2,3…….C, if (NJ)K+1 = (NJ)K The
iteration ends, otherwise K = K+1, go step 2 and continue.
D. Botnet detection:
Finally botnet detection procedure which is based on stability of flow has been applied. The input for this
step is the output of the previous algorithm. A sequence of packets which contain same information i.e., same
source address same destination address, same source port, same destination port , same protocol etc., are
called flow. The flow record contains only address information, port information, timing information, size
information etc., but no information about payload. So for the detecting the stability of flows, we have to
select one information from flow packets. For this we select average number of bytes per packet / flow. For
simplicity, we denote this variable to avg(nbpp). For a flowj we divide the total number of bytes by the
number of packets within this flow and we can obtain the value of abp of this flow. In BSDA algorithm, we
use two timing windows and calculate the distribution of avg(nbpp) in different timing intervals and compare
these two distributions.
The Botnet Stability Detection Algorithm (BSDA):
Step 1:-specify each value of timing window one by one.
Steps 2:- specify the value of timing interval between these two timing windows.
Steps 3:- specify the value of flow change number
(initially zero) and epochs.
Steps 4:- calculate the distribution of avg(nbpp) in these two timing windows and compare.
108
6. Steps 5:- if they are closely related (difference is less than some threshold value which we calculated from
previous experiments) then print “flow is stable”.
Step 6:- After first interval, the second window (second avg(nbpp)) become the baseline for second interval
and again compute avg(nbpp) and compare.
Step 7;- if they are not closely related, report a flow change and increment the value of flow change number
by one and repeat the same procedure.
Step 8:- Repeat this procedure till flow not change.The timing interval is same between two avg(nbpp). So by
using this procedure we also able to say how many times flows changed.
IV. CONCLUSION
In this paper we have presented a P2P botnet detection model which is based on in-out degree of a node
(IODA), clustering (KMCA) and stability of flow (BSDA). In-out degree of a node is useful to identify P2P
nodes of a network. Clustering algorithm is based on harmonious degree and distance between a pair of
nodes. The botnet detection model is based on stability of flow. Since all bots follow the same rule and
predefined control and command method so by using this method we easily identify P2P bots from a
network. This proposed botnet detection model detects both known and unknown bots.
Figure 2. Relationship between avg number of connection and in-out degree of node
Figure 2 shows the relationship between average connection of nodes and in-out degree of nodes. Nodes
which generate more number of connections which we refer it as ‘avg’ number of connections with other
nodes having higher in-out degree than other node. i.e. they exchange more number of packets with other
nodes. In above graph average connections of node (in-out degree) 3 and 4 are high than all other nodes. So
this node is suspected as a P2P node while node 2 and 5 create less number of connections so these nodes are
considered to be legitimate P2P node, which is purely based on in-out degree of a node.
Figure 3. Relationship between association degree and harmonious degree of a pair of node
109
7. Figure 3 shows the relationship between a pair of nodes and their association degree and Harmonious degree.
By observing this graph it is clear that a pair of nodes which exchanges more number of packets, their
association degree and harmonious degree is higher than other nodes. This means that distance between them
is less than the other pairs of nodes. As inverse relationship exists between them, it tells about its
symmetricity too.
Figure 4. Stability index in different epochs
Finally Figure 4 shows how stability index vary according to control number and flow duration. As the
value of change number (CN) increase in different epochs, at the same time value of stability index (SI) also
increases in different epochs (keep timing interval same in all epochs). First value of CN is zero then value
of SI is one in all the epochs. As the value of CN slightly increases, there is more deviation in SI.
Figure 5. Matching number of bot features
The proposed work which has been implemented above using the specified standards and the previous work
is taken for experiment. The experimental result of both the work is evaluated by the parameter such as
matching number of bot features and stability index. The comparison graph is the evaluated results of both
the work and it is clearly shows that the proposed work has better matching number of bot features and
stability index compared to previous work. Figure 5 shows the matching number of bot features like attacks
port, SMTP error response etc. All bots were matched with any bot features, which eliminates the incidence
of any false negative on bot infected PCs. This implies that the implemented system can extract the bot
process and report in a stable manner.
110
8. REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
Lei Zhang, Shui Yu, Di Wu, Paul Watters, “A Survey on Latest Botnet Attack and Defense”, International Joint Conference Of
IEEE Trustcom-11/IEEE ICESS-11/FCST-11, pp.53-60, 2011.
Maryam Feily, Alireza Shahreshtani and Sureswaran Ramadas “A Survey of Botnet and Botnet Detection”,IEEE in The Third
Conference of Emerging Security Information, Systems and Technologies, pp.79-84, 2009.
Banday, M.T. Qadri, J.A.Shah, “Study of Botnet and Their Threats to internet Security”, Sprouts:Working papers on Information
System, 2009. Available at:http://sprouts.aisnet.org/9-24.
Niels Provos, Thorsten Holz, “Virtual Honeypots: From Botnet Tracking to Intrusion Detection”, See Chapter11- Tracking
Botnets. Publisher: Addison Wesley Professional, Publishing 16 June, 2007.
Hossein Rouhani Zeidanloo, Farhoud Hossswinpour and Farhood Farid Etemad “New Approach For Detection of IRC and P2P
Botnet” International Journals of Computer and Electrical Engineering, Vol.2, No.6, pp.1029-1038, December, 2010.
Jing Liu, Yang Xiao, Kaveh Ghaboosi, Julia Deng, Jingyuan Zhang, “Botnet: Classification, Attacks, Detection, Tracing, and
Preventive Mesaures”, EURASIP Journal on Wireless Communications and Networking, 2008.
Mukesh Kumar, Pothula Sujatha, P. Manikandan, Madarapu, Naresh Kumar, Chetana Sidige and Sunil Kumar Verma “SelfDestructible Concentrated P2P Botnet” IJCSI International Journal of Computer Science Issues, Vol. 8, Issue 3, No.1, pp.401-405,
2011.
Yukiko Sawaya, Ayumu Kubota, Yutaka Miyake “Detection of Attackers in Services Using Anomalous Host Behavior Based on
Traffic Flow Statistics” PSJ International Symposium On Applications and the Internet, pp. 353-359,2011.
Alireza Shahrestani, Maryam Feily Rodina Ahmad, Sureswaran Ramadass “Discovery of Invariant Bot Behavior Through Visual
Network Monitoring System” Fourth International Conference on Emerging Security Information, Systems and
Technologies,pp.182-188, 2010
Yousof Al Hammadi, Uwe Aickelin “Behavioral Correlation for Detecting P2P Bots” Second International Conference on Future
Networks, DOI 10. 1109/ICFN 2010.72, pp. 323-327, 2010.
Hossein Rouhani Zeidanloo, Azizah bt Abdul Manaf “Botnet Detection by Monitoring Similar Communications Patterns”
International Journals of Computer Science and Information Security, Vol. 7,No.3, pp.36-44, 2010.
Hsiao-Chung Lin, Chia-Mei Chen, Jui-Yu Tzeng “Flow Based Botnet Detection” IEEE Fourth International Conference on
Innovative Computing, Information and control pp.1538-1541, 2009.
S. Zander, T. Nguyen and G. Armitage “P2P Traffic Identification Based on The Signature of Key Packets”, IEEE conference
Local Computer Networks, 2010.
Yousof Al Hammadi, Uwe Aickelin “Behavioral Correlation for Detecting P2P Bots” Second International Conference on Future
Networks, DOI 10. 1109/ICFN 2010.72, pp. 323-327, 2010.
Mohammed Abdul Qadeer, Mohammad Zahid “Network Traffic Analysis and Intrusion Detection Using Packet Sniffer” Second
International Conference on Communication Softwaret and Networks pp.313-317, 2010.
Tang T.K. and Wang J.H., “The Detection of zombies, Chinese cryptography and Information Security Association (CCISA 07)”.
Vol.13, July 2007, pp 25-36, ISSN 17729-6056.
Yang C.H. and Ting K.L.,” Fast Deployment of Botnet Detection with Traffic Monitoring”. Z. Fifth International Conference on
Intelligent Information Hiding and Multimedia signal processing (IIHMSP 09), Sep 2009, pp 856-860.
Lee J.S. Jeong, H.C., Park, J.H. Kim, M and Noh, B.N., “The Activity Analysis of Malicious HTTP-based Botnets using degree of
periodic Repeatability”, International conference on Security technology (SecTech 08), IEEE press, Mar 2008, pp 83-86.
DOI:10.1109/SecTech.2008.52.
111