Generally, the botnet is one of the most dangerous threats in the network. It has number attackers in the network. The
attacker consists of DDOS attack, remote attack, etc., Bots perform perform repetitive tasks automatically or on a schedule over the
internet, tasks that would be too mundane or time-consuming for an actual person. But the botnets have stealthy behavior as they are
very difficult to identify. These botnets have to be identified and the internet have to be protected. Also the the activity of botnets must
be prevented to provide the users, a reliable service. The past of botnet detection has a transaction process which is not secure. A
efficient stastical data classifier is required to train the botent preventions system. To provide the above features clustering based
analysis is done. our approach can detect and profile various P2P applications rather than identifying a specific P2P application.
Anomaly based detection technique is used to obtain this goal.
Now-a-days, Internet has become an important part of human’s life, a person
can shop, invest, and perform all the banking task online. Almost, all the organizations have
their own website, where customer can perform all the task like shopping, they only have to
provide their credit card details. Online banking and e-commerce organizations have been
experiencing the increase in credit card transaction and other modes of on-line transaction.
Due to this credit card fraud becomes a very popular issue for credit card industry, it causes
many financial losses for customer and also for the organization. Many techniques like
Decision Tree, Neural Networks, Genetic Algorithm based on modern techniques like
Artificial Intelligence, Machine Learning, and Fuzzy Logic have been already developed for
credit card fraud detection. In this paper, an evolutionary Simulated Annealing algorithm is
used to train the Neural Networks for Credit Card fraud detection in real-time scenario.
This paper shows how this technique can be used for credit card fraud detection and
present all the detailed experimental results found when using this technique on real world
financial data (data are taken from UCI repository) to show the effectiveness of this
technique. The algorithm used in this paper are likely beneficial for the organizations and
for individual users in terms of cost and time efficiency. Still there are many cases which are
misclassified i.e. A genuine customer is classified as fraud customer or vise-versa.
Nowadays, cyber-attacks from botnets are increasing at a faster rate than any other malware spread. Detecting the botmaster who commands the tasks has become more difficult. Most of the detecting methods are based on the features of any communication protocol or the history of the network traffic. In this paper, a rational approach is brought for the live detection of the botmaster in the internal network. The victim machine monitors its packets and compromises the bots in the network and finds the traces to the botmaster. This approach works independent of the structure of the botnet, and will be a better option for online detection of the botmaster.
Detection of Botnets using Honeypots and P2P BotnetsCSCJournals
A “botnet” is a group of compromised computers connected to a network, which can be used for both recognition and illicit financial gain; controlled by an attacker (bot-herder). Among the counter measures proposed in the recent developments is the “Honeypot”. The attacker who would be aware of the Honeypot would take adequate steps to maintain the botnet, hence attack the Honeypot (Infected Honeypot). In this paper we propose a method to remove the infected Honeypot by Constructing a Peer-to-peer structured botnet which would detect the uninfected Honeypot and use it to detect botnets originally used by the attacker. Our simulation shows that this method is very effective and can detect the botnets that are intended to malign the network.
Towards botnet detection through features using network traffic classificationIJERA Editor
Botnet are becoming the most significant threat to the internet world. Botnet is the automated process of
attackers that interacts with network traffic and its services. Botnet are automatically updated into the
compromised system to collect the authenticated information. In this paper, we present a model to extract some
features which are helpful to analyze the behaviour of bot members present in the particular network traffic. On
the other hand, various superior methods are evaluated to extract weather network traffic contain bot or not. In
particularly, our evaluation shows that the particular traffic contain any bot member in their communication.
A Dynamic Botnet Detection Model based on Behavior Analysisidescitation
Today different types of malware exist in the Internet. Among them one of the
malware is known as botnet which is frequently used for many cyber attacks and crimes in
the Internet. Currently botnets are the main rootcause for several illegal activities like
spamming, DDoS, click fraud etc. Botnets operate under the command and control(C&C)
infrastructure which makes its functioning unique. As long as the Internet exists botnet also
will exist. It can be used to perpetrate many Internet crimes. So fighting against them is a
challenging problem. The P2P-decentralized based botnets are more dangerous than
centralized botnets. In this paper a novel approach for the detection of P2P based botnet is
presented. The proposed approach for the detection of botnet in the network stream
analysis has been done in three phases. The first phase begins with the identification of P2P
node and the second phase deals with the clustering of the suspicious P2P node. Finally
botnet detection procedure has been applied which is based on stability of bots.
Experimental results show that the proposed approach detects more number of bots with
high accuracy.
Public Key Cryptosystem Approach for P2P Botnet Detection and PreventionIJERA Editor
Distributed (P2P) botnets have as of late been received by botmasters for their versatility against take-down
endeavors. Other than being harder to bring down, p2p botnets tend to be stealthier in the way they perform
vindictive exercises, making current discovery approaches ineffectual. In this paper, we simulate our proposal
by detecting a gray hole attack in an Ad Hoc network using NS2.The detected malicious node is listed in a black
hole list and notices all other nodes in the network to stop communicating with them. Our botnet location
framework has been equipped for identifying stealthy P2P botnets (Gray Hole nodes) and can reduce packet loss
caused by malicious nodes and have a better packet delivery ratio (PDR) within less period of time.
Detection of the botnets’ low-rate DDoS attacks based on self-similarity IJECEIAES
An article presents the approach for the botnets’ low-rate a DDoS-attacks detection based on the botnet’s behavior in the network. Detection process involves the analysis of the network traffic, generated by the botnets’ low-rate DDoS attack. Proposed technique is the part of botnets detection system–BotGRABBER system. The novelty of the paper is that the low-rate DDoS-attacks detection involves not only the network features, inherent to the botnets, but also network traffic self-similarity analysis, which is defined with the use of Hurst coefficient. Detection process consists of the knowledge formation based on the features that may indicate low-rate DDoS attack performed by a botnet; network monitoring, which analyzes information obtained from the network and making conclusion about possible DDoS attack in the network; and the appliance of the security scenario for the corporate area network’s infrastructure in the situation of low-rate attacks.
Now-a-days, Internet has become an important part of human’s life, a person
can shop, invest, and perform all the banking task online. Almost, all the organizations have
their own website, where customer can perform all the task like shopping, they only have to
provide their credit card details. Online banking and e-commerce organizations have been
experiencing the increase in credit card transaction and other modes of on-line transaction.
Due to this credit card fraud becomes a very popular issue for credit card industry, it causes
many financial losses for customer and also for the organization. Many techniques like
Decision Tree, Neural Networks, Genetic Algorithm based on modern techniques like
Artificial Intelligence, Machine Learning, and Fuzzy Logic have been already developed for
credit card fraud detection. In this paper, an evolutionary Simulated Annealing algorithm is
used to train the Neural Networks for Credit Card fraud detection in real-time scenario.
This paper shows how this technique can be used for credit card fraud detection and
present all the detailed experimental results found when using this technique on real world
financial data (data are taken from UCI repository) to show the effectiveness of this
technique. The algorithm used in this paper are likely beneficial for the organizations and
for individual users in terms of cost and time efficiency. Still there are many cases which are
misclassified i.e. A genuine customer is classified as fraud customer or vise-versa.
Nowadays, cyber-attacks from botnets are increasing at a faster rate than any other malware spread. Detecting the botmaster who commands the tasks has become more difficult. Most of the detecting methods are based on the features of any communication protocol or the history of the network traffic. In this paper, a rational approach is brought for the live detection of the botmaster in the internal network. The victim machine monitors its packets and compromises the bots in the network and finds the traces to the botmaster. This approach works independent of the structure of the botnet, and will be a better option for online detection of the botmaster.
Detection of Botnets using Honeypots and P2P BotnetsCSCJournals
A “botnet” is a group of compromised computers connected to a network, which can be used for both recognition and illicit financial gain; controlled by an attacker (bot-herder). Among the counter measures proposed in the recent developments is the “Honeypot”. The attacker who would be aware of the Honeypot would take adequate steps to maintain the botnet, hence attack the Honeypot (Infected Honeypot). In this paper we propose a method to remove the infected Honeypot by Constructing a Peer-to-peer structured botnet which would detect the uninfected Honeypot and use it to detect botnets originally used by the attacker. Our simulation shows that this method is very effective and can detect the botnets that are intended to malign the network.
Towards botnet detection through features using network traffic classificationIJERA Editor
Botnet are becoming the most significant threat to the internet world. Botnet is the automated process of
attackers that interacts with network traffic and its services. Botnet are automatically updated into the
compromised system to collect the authenticated information. In this paper, we present a model to extract some
features which are helpful to analyze the behaviour of bot members present in the particular network traffic. On
the other hand, various superior methods are evaluated to extract weather network traffic contain bot or not. In
particularly, our evaluation shows that the particular traffic contain any bot member in their communication.
A Dynamic Botnet Detection Model based on Behavior Analysisidescitation
Today different types of malware exist in the Internet. Among them one of the
malware is known as botnet which is frequently used for many cyber attacks and crimes in
the Internet. Currently botnets are the main rootcause for several illegal activities like
spamming, DDoS, click fraud etc. Botnets operate under the command and control(C&C)
infrastructure which makes its functioning unique. As long as the Internet exists botnet also
will exist. It can be used to perpetrate many Internet crimes. So fighting against them is a
challenging problem. The P2P-decentralized based botnets are more dangerous than
centralized botnets. In this paper a novel approach for the detection of P2P based botnet is
presented. The proposed approach for the detection of botnet in the network stream
analysis has been done in three phases. The first phase begins with the identification of P2P
node and the second phase deals with the clustering of the suspicious P2P node. Finally
botnet detection procedure has been applied which is based on stability of bots.
Experimental results show that the proposed approach detects more number of bots with
high accuracy.
Public Key Cryptosystem Approach for P2P Botnet Detection and PreventionIJERA Editor
Distributed (P2P) botnets have as of late been received by botmasters for their versatility against take-down
endeavors. Other than being harder to bring down, p2p botnets tend to be stealthier in the way they perform
vindictive exercises, making current discovery approaches ineffectual. In this paper, we simulate our proposal
by detecting a gray hole attack in an Ad Hoc network using NS2.The detected malicious node is listed in a black
hole list and notices all other nodes in the network to stop communicating with them. Our botnet location
framework has been equipped for identifying stealthy P2P botnets (Gray Hole nodes) and can reduce packet loss
caused by malicious nodes and have a better packet delivery ratio (PDR) within less period of time.
Detection of the botnets’ low-rate DDoS attacks based on self-similarity IJECEIAES
An article presents the approach for the botnets’ low-rate a DDoS-attacks detection based on the botnet’s behavior in the network. Detection process involves the analysis of the network traffic, generated by the botnets’ low-rate DDoS attack. Proposed technique is the part of botnets detection system–BotGRABBER system. The novelty of the paper is that the low-rate DDoS-attacks detection involves not only the network features, inherent to the botnets, but also network traffic self-similarity analysis, which is defined with the use of Hurst coefficient. Detection process consists of the knowledge formation based on the features that may indicate low-rate DDoS attack performed by a botnet; network monitoring, which analyzes information obtained from the network and making conclusion about possible DDoS attack in the network; and the appliance of the security scenario for the corporate area network’s infrastructure in the situation of low-rate attacks.
Botnets gained wide visibility in the last few years, becoming one of the most observed and dangerous threats in the malware landscape. This is mainly due to the fact that botnets represents a very valuable and flexible asset in the arsenal of hackers and APTs. We’ve seen botnets becoming real cyber-weapons, capable of targeting nations and the business of famous companies. For this reason, it is crucial to design techniques able to detect bot-infected hosts at different levels (enterprise, ISP, etc.). Different kind of techniques have been studied and researched in the last years, in a never ending race between attackers and defenders. In this work a representative set of the entire literature is analyzed, enlightening the different kind of state-of-theart approaches that researchers have followed with the ultimate goal of designing effective botnet detection solutions. The objective is producing a taxonomy of the botnet detection techniques, showing possible research directions in designing new techniques to mitigate the risks associated to botnet based attacks.
Optimal remote access trojans detection based on network behaviorIJECEIAES
RAT is one of the most infected malware in the hyper-connected world. Data is being leaked or disclosed every day because new remote access Trojans are emerging and they are used to steal confidential data from target hosts. Network behavior-based detection has been used to provide an effective detection model for Remote Access Trojans. However, there is still short comings: to detect as early as possible, some False Negative Rate and accuracy that may vary depending on ratio of normal and malicious RAT sessions. As typical network contains large amount of normal traffic and small amount of malicious traffic, the detection model was built based on the different ratio of normal and malicious sessions in previous works. At that time false negative rate is less than 2%, and it varies depending on different ratio of normal and malicious instances. An unbalanced dataset will bias the prediction model towards the more common class. In this paper, each RAT is run many times in order to capture variant behavior of a Remote Access Trojan in the early stage, and balanced instances of normal applications and Remote Access Trojans are used for detection model. Our approach achieves 99 % accuracy and 0.3% False Negative Rate by Random Forest Algorithm.
Pre-filters in-transit malware packets detection in the networkTELKOMNIKA JOURNAL
Conventional malware detection systems cannot detect most of the new malware in the network
without the availability of their signatures. In order to solve this problem, this paper proposes a technique
to detect both metamorphic (mutated malware) and general (non-mutated) malware in the network using a
combination of known malware sub-signature and machine learning classification. This network-based
malware detection is achieved through a middle path for efficient processing of non-malware packets.
The proposed technique has been tested and verified using multiple data sets (metamorphic malware,
non-mutated malware, and UTM real traffic), this technique can detect most of malware packets in
the network-based before they reached the host better than the previous works which detect malware in
host-based. Experimental results showed that the proposed technique can speed up the transmission of
more than 98% normal packets without sending them to the slow path, and more than 97% of malware
packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic
malware packets in the test dataset could be detected. The proposed technique is 37 times faster than
existing technique.
Classifying IoT malware delivery patterns for attack detectionFabrizio Farinacci
The Internet of Things (IoT) is one of the most promising technology vision of the most recent years. It will really impact the way economy, industry and govern- ments perform their operation, with all the benefits coming from the increase of connectivity among devices pushed to the limit. Unfortunately, the availability of countless number of Internet connected devices having a small but usable computing power is the Holy Grail of cybercriminals, especially if (like in the most of the cases) those devices are also particularly vulnerable to attacks. The enormous growth of IoT malware spotted in the wild is the proof that shows how the situation is already dramatic and that it is worsening everyday more and more. Designing strategies to defend, detect and mitigate those attacks it is critical to secure the IoT environment and to realize the vision of the Internet of Things. In this work, an approach for recognizing and classifying the attacks targeting IoT devices is presented. The approach leverages the fact that attacks and particularly malware (and even more in the case of the IoT) are characterized by extensive code reuse, enabling the identification of attack patterns characterizing the device compromise stage. Furthermore, the definition of those patterns enables the profiling, grouping and classification of the attacks in an effective and robust way against the small changes performed by attackers to evade signature-based approaches.
Pattern Analysis and Signature Extraction for Intrusion Attacks on Web ServicesIJNSA Journal
The increasing popularity of web service technology is attracting hackers and attackers to hack the web services and the servers on which they run. Organizations are therefore facing the challenge of implementing adequate security for Web Services. A major threat is that of intruders which may maliciously try to access the data or services. The automated methods of signature extraction extract the binary pattern blindly resulting in more false positives. In this paper a semi automated approach is proposed to analyze the attacks and generate signatures for web services. For data collection, apart from the conventional SOAP data loggers, honeypots are also used that collect small data which is of high value. To filter out the most suspicious part of the data, SVM based classifier is employed to aid the system administrator. By applying an attack signature algorithm on the filtered data, a more balanced attack signature is extracted that results in fewer false positives and negatives. It helps the Security Administrator to identify the web services that are vulnerable or are attacked more frequently.
MALICIOUS URL DETECTION USING CONVOLUTIONAL NEURAL NETWORKijcseit
The World Wide Web has become an important part of our everyday life for information communication
and knowledge dissemination. It helps to transact information timely, rapidly and easily. Identifying theft
and identity fraud are referred as two sides of cyber-crime in which hackers and malicious users obtain the
personal data of existing legitimate users to attempt fraud or deception motivation for financial gain.
Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting
users to become victims of scams (monetary loss, theft of private information, and malware installation),
and cause losses of billions of dollars every year. To detect such crimes systems should be fast and precise
with the ability to detect new malicious content. Traditionally, this detection is done mostly through the
usage of blacklists. However, blacklists cannot be exhaustive, and lack the ability to detect newly generated
malicious URLs. To improve the generality of malicious URL detectors, machine learning techniques have
been explored with increasing attention in recent years. In this paper, I use a simple algorithm to detect
and predicting URLs it is good or bad and compared with two other algorithms to know (SVM, LR).
Lightweight C&C based botnet detection using Aho-Corasick NFAIJNSA Journal
Botnet distinguishes itself from the previous malware by having the characteristics of a C&C channel, using which a Botmaster can control the constituents of the botnet. Even though protocols like IRC, HTTP and DNS are exploited to incorporate C&C channels, previous analysis have shown that the majority of the botnets are usually based on IRC. Consequently in this paper the Aho-Corasick NFA based detection is proposed to detect the C&C instructions which is exchanged in IRC run botnets. However the ability to detect botnet is limited to the existing bot commands. Therefore a counting process which analyses every IRC messages is introduced to detect the existence of malicious codes. This detection method and various existing methods have been evaluated using real-world network traces. The results show that the proposed C&C Instruction based IRC detection method can detect real-world botnets with high accuracy.
Copyright Protection in Peer To Peer NetworkIJERA Editor
Recently, P2P technology has become so popular that a large number of files are being exchanged by millions of users concurrently. However, due to the significant growth of P2P file sharing, even copyrighted files are also actively exchanged so copyright infringement has become a serious issue. In particular, P2P file sharing is recognized as a killer application for the P2P technology, and several P2P file sharing systems have been used by many users from the late 90’s to the present, including Napster, Gnutella, Kazaa and Bit Torrent. However, the popularization of such P2P file sharing causes several undesired issues in recent years, such as the illegal sharing of copyrighted contents violating the copyright law and the act as a hotbed of cyber-crimes such as phishing scams and leaks of personal information. In this work, we propose a solution to ensure copy right violation in P2P systems. Keywords- Peer to Peer systems, copyright infringement, file sharing, digital rights management, pollution attack, index poisoning, watermarking and fingerprinting.
An Adaptive Energy Aware Clustering Based Reliable Routing for in-Network Agg...Editor IJCATR
Wireless Sensor Network (WSN) consists of spatially distributed autonomous devices that cooperatively sense physical or
environmental conditions. Due to the non-uniform node deployment, the energy consumption among nodes are more
imbalanced in cluster-based wireless sensor networks this factor will affect the network life time. Cluster-based routing and EADC
algorithm through an efficient energy aware clustering algorithm is employed to avoid imbalance network distribution. Our proposed
protocol EADC aims at minimizing the overall network overhead and energy expenditure associated with the multi hop data retrieval
process while also ensuring balanced energy consumption among SNs and prolonged network life time .A optimal one-hop based
selective node in building cluster structures consisted of member nodes that route their measured data to their assigned cluster head is
identified to ensure efficient communication. The proposed routing algorithm increases forwarding tasks of the nodes in scarcely
covered areas by forcing cluster heads to choose nodes with higher energy and fewer member nodes and finally, achieves
imbalanced among cluster head and improve the network life time.
Botnets gained wide visibility in the last few years, becoming one of the most observed and dangerous threats in the malware landscape. This is mainly due to the fact that botnets represents a very valuable and flexible asset in the arsenal of hackers and APTs. We’ve seen botnets becoming real cyber-weapons, capable of targeting nations and the business of famous companies. For this reason, it is crucial to design techniques able to detect bot-infected hosts at different levels (enterprise, ISP, etc.). Different kind of techniques have been studied and researched in the last years, in a never ending race between attackers and defenders. In this work a representative set of the entire literature is analyzed, enlightening the different kind of state-of-theart approaches that researchers have followed with the ultimate goal of designing effective botnet detection solutions. The objective is producing a taxonomy of the botnet detection techniques, showing possible research directions in designing new techniques to mitigate the risks associated to botnet based attacks.
Optimal remote access trojans detection based on network behaviorIJECEIAES
RAT is one of the most infected malware in the hyper-connected world. Data is being leaked or disclosed every day because new remote access Trojans are emerging and they are used to steal confidential data from target hosts. Network behavior-based detection has been used to provide an effective detection model for Remote Access Trojans. However, there is still short comings: to detect as early as possible, some False Negative Rate and accuracy that may vary depending on ratio of normal and malicious RAT sessions. As typical network contains large amount of normal traffic and small amount of malicious traffic, the detection model was built based on the different ratio of normal and malicious sessions in previous works. At that time false negative rate is less than 2%, and it varies depending on different ratio of normal and malicious instances. An unbalanced dataset will bias the prediction model towards the more common class. In this paper, each RAT is run many times in order to capture variant behavior of a Remote Access Trojan in the early stage, and balanced instances of normal applications and Remote Access Trojans are used for detection model. Our approach achieves 99 % accuracy and 0.3% False Negative Rate by Random Forest Algorithm.
Pre-filters in-transit malware packets detection in the networkTELKOMNIKA JOURNAL
Conventional malware detection systems cannot detect most of the new malware in the network
without the availability of their signatures. In order to solve this problem, this paper proposes a technique
to detect both metamorphic (mutated malware) and general (non-mutated) malware in the network using a
combination of known malware sub-signature and machine learning classification. This network-based
malware detection is achieved through a middle path for efficient processing of non-malware packets.
The proposed technique has been tested and verified using multiple data sets (metamorphic malware,
non-mutated malware, and UTM real traffic), this technique can detect most of malware packets in
the network-based before they reached the host better than the previous works which detect malware in
host-based. Experimental results showed that the proposed technique can speed up the transmission of
more than 98% normal packets without sending them to the slow path, and more than 97% of malware
packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic
malware packets in the test dataset could be detected. The proposed technique is 37 times faster than
existing technique.
Classifying IoT malware delivery patterns for attack detectionFabrizio Farinacci
The Internet of Things (IoT) is one of the most promising technology vision of the most recent years. It will really impact the way economy, industry and govern- ments perform their operation, with all the benefits coming from the increase of connectivity among devices pushed to the limit. Unfortunately, the availability of countless number of Internet connected devices having a small but usable computing power is the Holy Grail of cybercriminals, especially if (like in the most of the cases) those devices are also particularly vulnerable to attacks. The enormous growth of IoT malware spotted in the wild is the proof that shows how the situation is already dramatic and that it is worsening everyday more and more. Designing strategies to defend, detect and mitigate those attacks it is critical to secure the IoT environment and to realize the vision of the Internet of Things. In this work, an approach for recognizing and classifying the attacks targeting IoT devices is presented. The approach leverages the fact that attacks and particularly malware (and even more in the case of the IoT) are characterized by extensive code reuse, enabling the identification of attack patterns characterizing the device compromise stage. Furthermore, the definition of those patterns enables the profiling, grouping and classification of the attacks in an effective and robust way against the small changes performed by attackers to evade signature-based approaches.
Pattern Analysis and Signature Extraction for Intrusion Attacks on Web ServicesIJNSA Journal
The increasing popularity of web service technology is attracting hackers and attackers to hack the web services and the servers on which they run. Organizations are therefore facing the challenge of implementing adequate security for Web Services. A major threat is that of intruders which may maliciously try to access the data or services. The automated methods of signature extraction extract the binary pattern blindly resulting in more false positives. In this paper a semi automated approach is proposed to analyze the attacks and generate signatures for web services. For data collection, apart from the conventional SOAP data loggers, honeypots are also used that collect small data which is of high value. To filter out the most suspicious part of the data, SVM based classifier is employed to aid the system administrator. By applying an attack signature algorithm on the filtered data, a more balanced attack signature is extracted that results in fewer false positives and negatives. It helps the Security Administrator to identify the web services that are vulnerable or are attacked more frequently.
MALICIOUS URL DETECTION USING CONVOLUTIONAL NEURAL NETWORKijcseit
The World Wide Web has become an important part of our everyday life for information communication
and knowledge dissemination. It helps to transact information timely, rapidly and easily. Identifying theft
and identity fraud are referred as two sides of cyber-crime in which hackers and malicious users obtain the
personal data of existing legitimate users to attempt fraud or deception motivation for financial gain.
Malicious URLs host unsolicited content (spam, phishing, drive-by exploits, etc.) and lure unsuspecting
users to become victims of scams (monetary loss, theft of private information, and malware installation),
and cause losses of billions of dollars every year. To detect such crimes systems should be fast and precise
with the ability to detect new malicious content. Traditionally, this detection is done mostly through the
usage of blacklists. However, blacklists cannot be exhaustive, and lack the ability to detect newly generated
malicious URLs. To improve the generality of malicious URL detectors, machine learning techniques have
been explored with increasing attention in recent years. In this paper, I use a simple algorithm to detect
and predicting URLs it is good or bad and compared with two other algorithms to know (SVM, LR).
Lightweight C&C based botnet detection using Aho-Corasick NFAIJNSA Journal
Botnet distinguishes itself from the previous malware by having the characteristics of a C&C channel, using which a Botmaster can control the constituents of the botnet. Even though protocols like IRC, HTTP and DNS are exploited to incorporate C&C channels, previous analysis have shown that the majority of the botnets are usually based on IRC. Consequently in this paper the Aho-Corasick NFA based detection is proposed to detect the C&C instructions which is exchanged in IRC run botnets. However the ability to detect botnet is limited to the existing bot commands. Therefore a counting process which analyses every IRC messages is introduced to detect the existence of malicious codes. This detection method and various existing methods have been evaluated using real-world network traces. The results show that the proposed C&C Instruction based IRC detection method can detect real-world botnets with high accuracy.
Copyright Protection in Peer To Peer NetworkIJERA Editor
Recently, P2P technology has become so popular that a large number of files are being exchanged by millions of users concurrently. However, due to the significant growth of P2P file sharing, even copyrighted files are also actively exchanged so copyright infringement has become a serious issue. In particular, P2P file sharing is recognized as a killer application for the P2P technology, and several P2P file sharing systems have been used by many users from the late 90’s to the present, including Napster, Gnutella, Kazaa and Bit Torrent. However, the popularization of such P2P file sharing causes several undesired issues in recent years, such as the illegal sharing of copyrighted contents violating the copyright law and the act as a hotbed of cyber-crimes such as phishing scams and leaks of personal information. In this work, we propose a solution to ensure copy right violation in P2P systems. Keywords- Peer to Peer systems, copyright infringement, file sharing, digital rights management, pollution attack, index poisoning, watermarking and fingerprinting.
An Adaptive Energy Aware Clustering Based Reliable Routing for in-Network Agg...Editor IJCATR
Wireless Sensor Network (WSN) consists of spatially distributed autonomous devices that cooperatively sense physical or
environmental conditions. Due to the non-uniform node deployment, the energy consumption among nodes are more
imbalanced in cluster-based wireless sensor networks this factor will affect the network life time. Cluster-based routing and EADC
algorithm through an efficient energy aware clustering algorithm is employed to avoid imbalance network distribution. Our proposed
protocol EADC aims at minimizing the overall network overhead and energy expenditure associated with the multi hop data retrieval
process while also ensuring balanced energy consumption among SNs and prolonged network life time .A optimal one-hop based
selective node in building cluster structures consisted of member nodes that route their measured data to their assigned cluster head is
identified to ensure efficient communication. The proposed routing algorithm increases forwarding tasks of the nodes in scarcely
covered areas by forcing cluster heads to choose nodes with higher energy and fewer member nodes and finally, achieves
imbalanced among cluster head and improve the network life time.
Growth, structural, mechanical and dielectric studies of undoped and urea dop...Editor IJCATR
Undoped and urea doped L-alaninium maleate crystals were grown by solution method with slow evaporation technique.
Solubility studies were carried out for the grown crystals and it is found that solubility increases with temperature for both the samples.
XRD studies were performed to find the crystal structure of the samples. NLO activity of the grown crystals was studied using a
Nd:YAG laser and SHG efficiency was found for both the samples. Microhardness studies were performed to understand the
mechanical strength of the samples. Measurements of values of dielectric constant and dielectric loss were carried out and the
electrical processes that are taking place in the samples are discussed
Neuro-Fuzzy Model for Strategic Intellectual Property Cost ManagementEditor IJCATR
Strategic Intellectual property (IP) management requires strategic IP creation cost management. It is ideal to
be able to proactively estimate the cost of creating IP. This would facilitate the alignment of IP creation activities in order
to meet strategic management objectives. This paper proposes the use of Neuro-fuzzy model for strategic management
of IP cost management. The extraction of the variables for the model is based on the Activity Based Costing techniques.
Effect of Adding Indium on Wetting Behavior, Microstructure and Physical Prop...Editor IJCATR
Effect of adding indium on microstructure, wetting process, thermal, electrical and mechanical properties of tin- zinc eutectic alloy have been investigated. Microstructure (started base line, lattice parameters, unit cell volume, crystal size and the shape of formed crystalline phases) and measured physical properties of tin- zinc eutectic alloy changed after adding different ratio of indium content. A little variation occurred in thermo-graph (Endo-thermal peaks) of Sn91Zn9 alloy after adding indium. The contact angle, melting temperature and specific heat of Sn91Zn9 alloy decreased after adding indium content. Also elastic modulus and internal friction values of Sn91Zn9 alloy decreased after adding indium content. But electrical resistivity and Vickers hardness values of Sn91Zn9 alloy increased after adding indium content. The SnZn9In5 alloy has adequate properties for solder applications.
Botnets are emerging as the most serious threat against cyber-security as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical targets, malware dissemination, phishing, and click fraud. The defining characteristic of botnets is the use of command and control channels through which they can be updated and directed. Recently, botnet detection has been an interesting research topic related to cyber-threat and cyber-crime prevention. This paper is a survey of botnet and botnet detection. The survey clarifies botnet phenomenon and discusses botnet detection techniques. This survey classifies botnet detection techniques into four classes: signature-based, anomaly-based, DNS-based, and mining-base.
lab3/cdga.zip
lab3/code.c
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <wchar.h>
void dga(int year, int month, int day)
{
char alphabets[]={'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'};
printf("domain is syn-%c%c%c.com\n",alphabets[year-2000],alphabets[month*2],alphabets[10]);
}
int main()
{
char test[]="Simple DGA example for CIT406";
SYSTEMTIME st;
GetLocalTime(&st);
dga(st.wYear, st.wMonth, st.wDay);
return 0;
}
lab3/Domain Generation Algorithm Reverse Engineering.docx
Scenario:
The university has caught a malware operator on campus and found a domain generating algorithm (DGA) on the campus-owned computer which this person was using. The campus has asked you to figure out how it works so that they can potentially use the command and control server for research like is described here in the attached pdf. (Attached in folder)
The file you will need to figure out is here (this is written in the computer language C, not malware) (this file is attached in folder).
One way to find out how something works is using IDA in Kali Linux information about kali can be found here: kali.org. Some basic stuff about IDA can be found here:
http://securityxploded.com/reversing-basics-ida-pro.php (Links to an external site.). These resources will not be sufficient to get you all the way through the lab, because they were not designed as a step by step walkthrough of the lab, you will need to take the knowledge from these resources and others that you find to complete the lab.
I attached the exe file. You have to unzip the file. The exe file has to be run from command line (in a SAFE environment i.e. a virtual machine).
When reverse engineering the exe file, you should be looking at _dga/dga function. You can use IDA Pro. (The .exe file is attached in folder)
For this lab, you will need to: find out what you can from the files attached, following a lab report format outlined which is abstract, discussion, and conclusion. Take a lot of screenshots
lab3/stone-gross+cova+cavallaro+gilbert+szydlowski+kemmerer+kruegel+vigna+yourBotnetIsMyBotnet.pdf
Your Botnet is My Botnet: Analysis of a Botnet Takeover
Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski,
Richard Kemmerer, Christopher Kruegel, and Giovanni Vigna
Department of Computer Science, University of California, Santa Barbara
{bstone,marco,sullivan,rgilbert,msz,kemm,chris,vigna}@cs.ucsb.edu
ABSTRACT
Botnets, networks of malware-infected machines that are controlled
by an adversary, are the root cause of a large number of security
problems on the Internet. A particularly sophisticated and insidi-
ous type of bot is Torpig, a malware program that is designed to
harvest sensitive information (such as bank account and credit card
data) from its victims. In this paper, we report on our effo ...
Lab3/code.c
#include <stdio.h>
#include <stdlib.h>
#include <windows.h>
#include <wchar.h>
void dga(int year, int month, int day)
{
char alphabets[]={'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'};
printf("domain is syn-%c%c%c.com\n",alphabets[year-2000],alphabets[month*2],alphabets[10]);
}
int main()
{
char test[]="Simple DGA example for CIT406";
SYSTEMTIME st;
GetLocalTime(&st);
dga(st.wYear, st.wMonth, st.wDay);
return 0;
}
Lab3/Lab 3.docx
Lab 3 Domain Generation Algorithm Reverse Engineering
Scenario:
The university has caught a malware operator on campus and found a domain generating algorithm (DGA) on the campus-owned computer which this person was using. The campus has asked you to figur out how it works so that they can potentially use the command and control server for research like is described here in the attached pdf. (PDF attached it the folder called stone-gross)
The file you will need to figure out is here (this is written in the computer language C, not malware)
(this file is attached in the folder called code.c)
One way to find out how something works is using IDA in Kali Linux information about kali can be found here: kali.org. Some basic stuff about IDA can be found here: http://securityxploded.com/reversing-basics-ida-pro.php (Links to an external site.). These resources will not be sufficient to get you all the way through the lab, because they were not designed as a step by step walkthrough of the lab, you will need to take the knowledge from these resources and others that you find to complete the lab.
I attached the exe file. You have to unzip the file. The exe file has to be run from command line (in a SAFE environment i.e. a virtual machine).
When reverse engineering the exe file, you should be looking at _dga/dga function. You can use IDA Pro.
For this lab, you will need to: find out what you can from the files attached, following a lab report format outlined in lab 2. Take a lot of screenshots.
Lab3/Lab 4.docx
You will need to download the Kali 2.0 iso from kali.org and create a virtual machine in Virtualbox. Create a virtual machine with INTERNAL networking (tHIS IS IMPORTANT for the security of your network) using the Kali live iso.
Then you will need to look on the Penetration Tester Academy (or pentester academy) for an iso with vulnerable web applications OR find DVL (Damn Vulnerable Linux) from distrowatch.com. With this iso, create a second VM with INTERNAL networking ONLY (for the security of your network).
- Take screenshots (with a notepad file open in the background with your name).
- Exploit the vulnerable VM (whether you are using the vulnerable web applications or a vulnerable virtual machine) in at least 2 different ways: 1 should be remote code execution or Cross-Site Scripting (also CSS or XSS).
Lab3/stone-gross.pdf
Your Botnet is My Botnet: Analysis of a Botnet ...
Botnet detection using ensemble classifiers of network flow IJECEIAES
Recently, Botnets have become a common tool for implementing and transferring various malicious codes over the Internet. These codes can be used to execute many malicious activities including DDOS attack, send spam, click fraud, and steal data. Therefore, it is necessary to use Modern technologies to reduce this phenomenon and avoid them in advance in order to differentiate the Botnets traffic from normal network traffic. In this work, ensemble classifier algorithms to identify such damaging botnet traffic. We experimented with different ensemble algorithms to compare and analyze their ability to classify the botnet traffic from the normal traffic by selecting distinguishing features of the network traffic. Botnet Detection offers a reliable and cheap style for ensuring transferring integrity and warning the risks before its occurrence.
Botnet Detection in Online-social NetworkRubal Sagwal
Botnet, Bot master, Command and Control Server, States for Bots, Types of attacks, most wanted bots, Botnet life cycle, botnet topology, Social botnet.
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IJNSA Journal
The Internet Threat Monitoring (ITM) is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed Denial of Service (DDoS) attacks and worms. . To block the monitoring system in the internet the attackers are targeted the ITM system. In this paper we address the flooding attack of DDoS against ITM monitors to exhaust the network resources, such as bandwidth, computing power, or operating system data structures by sending the malicious traffic. We propose an information-theoretic frame work that models the flooding attacks using Botnet on ITM. One possible way to counter DDoS attacks is to trace the attack sources and punish the perpetrators. we propose a novel traceback method for DDoS using Honeypots. IP tracing through honeypot is a single packet tracing method and is more efficient than commonly used packet marking techniques.
Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Bo...Editor IJCATR
Among the various forms of malware attacks such as Denial of service, Sniffer, Buffer overflows are the most dreaded threats to computer networks. These attacks are known as botnet attacks and self-propagating in nature and act as an agent or user interface to control the computers which they attack. In the process of controlling a malware, Bot header(s) use a program to control remote systems through internet with the help of zombie systems. Botnets are collection of compromised computers (Bots) which are remotely controlled by its originator (Bot-Master) under a common Command-and-Control (C&C) structure. A server commands to the bot and botnet and receives the reports from the bot. The bots use Trojan horses and subsequently communicate with a central server using IRC. Botnet employs different techniques like Honeypot, communication protocols (e.g. HTTP and DNS) to intrude in new systems in different stages of their lifecycle. Therefore, identifying the botnets has become very challenging; because the botnets are upgrading their methods periodically for affecting the networks. Here, the focus on addressing the botnet detection problem in an Enterprise Network
This research introduces novel Solution to mitigate the malicious activities of Botnet attacks through the Principle of component analysis of each traffic data, measurement and countermeasure selection mechanism called Malware Hunter. This system is built on attack graph-based analytical models based on classification process and reconfigurable through update solutions to virtual network-based countermeasures.
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetIDES Editor
A System state in HTTP botnet uses HTTP protocol
for the creation of chain of Botnets thereby compromising
other systems. By using HTTP protocol and port number 80,
attacks can not only be hidden but also pass through the
firewall without being detected. The DPR based detection
leads to better analysis of botnet attacks [3]. However, it
provides only probabilistic detection of the attacker and also
time consuming and error prone. This paper proposes a Genetic
algorithm based layered approach for detecting as well as
preventing botnet attacks. The paper reviews p2p firewall
implementation which forms the basis of filtering.
Performance evaluation is done based on precision, F-value
and probability. Layered approach reduces the computation
and overall time requirement [7]. Genetic algorithm promises
a low false positive rate.
Text Mining in Digital Libraries using OKAPI BM25 ModelEditor IJCATR
The emergence of the internet has made vast amounts of information available and easily accessible online. As a result, most libraries have digitized their content in order to remain relevant to their users and to keep pace with the advancement of the internet. However, these digital libraries have been criticized for using inefficient information retrieval models that do not perform relevance ranking to the retrieved results. This paper proposed the use of OKAPI BM25 model in text mining so as means of improving relevance ranking of digital libraries. Okapi BM25 model was selected because it is a probability-based relevance ranking algorithm. A case study research was conducted and the model design was based on information retrieval processes. The performance of Boolean, vector space, and Okapi BM25 models was compared for data retrieval. Relevant ranked documents were retrieved and displayed at the OPAC framework search page. The results revealed that Okapi BM 25 outperformed Boolean model and Vector Space model. Therefore, this paper proposes the use of Okapi BM25 model to reward terms according to their relative frequencies in a document so as to improve the performance of text mining in digital libraries.
Green Computing, eco trends, climate change, e-waste and eco-friendlyEditor IJCATR
This study focused on the practice of using computing resources more efficiently while maintaining or increasing overall performance. Sustainable IT services require the integration of green computing practices such as power management, virtualization, improving cooling technology, recycling, electronic waste disposal, and optimization of the IT infrastructure to meet sustainability requirements. Studies have shown that costs of power utilized by IT departments can approach 50% of the overall energy costs for an organization. While there is an expectation that green IT should lower costs and the firm’s impact on the environment, there has been far less attention directed at understanding the strategic benefits of sustainable IT services in terms of the creation of customer value, business value and societal value. This paper provides a review of the literature on sustainable IT, key areas of focus, and identifies a core set of principles to guide sustainable IT service design.
Policies for Green Computing and E-Waste in NigeriaEditor IJCATR
Computers today are an integral part of individuals’ lives all around the world, but unfortunately these devices are toxic to the environment given the materials used, their limited battery life and technological obsolescence. Individuals are concerned about the hazardous materials ever present in computers, even if the importance of various attributes differs, and that a more environment -friendly attitude can be obtained through exposure to educational materials. In this paper, we aim to delineate the problem of e-waste in Nigeria and highlight a series of measures and the advantage they herald for our country and propose a series of action steps to develop in these areas further. It is possible for Nigeria to have an immediate economic stimulus and job creation while moving quickly to abide by the requirements of climate change legislation and energy efficiency directives. The costs of implementing energy efficiency and renewable energy measures are minimal as they are not cash expenditures but rather investments paid back by future, continuous energy savings.
Performance Evaluation of VANETs for Evaluating Node Stability in Dynamic Sce...Editor IJCATR
Vehicular ad hoc networks (VANETs) are a favorable area of exploration which empowers the interconnection amid the movable vehicles and between transportable units (vehicles) and road side units (RSU). In Vehicular Ad Hoc Networks (VANETs), mobile vehicles can be organized into assemblage to promote interconnection links. The assemblage arrangement according to dimensions and geographical extend has serious influence on attribute of interaction .Vehicular ad hoc networks (VANETs) are subclass of mobile Ad-hoc network involving more complex mobility patterns. Because of mobility the topology changes very frequently. This raises a number of technical challenges including the stability of the network .There is a need for assemblage configuration leading to more stable realistic network. The paper provides investigation of various simulation scenarios in which cluster using k-means algorithm are generated and their numbers are varied to find the more stable configuration in real scenario of road.
Optimum Location of DG Units Considering Operation ConditionsEditor IJCATR
The optimal sizing and placement of Distributed Generation units (DG) are becoming very attractive to researchers these days. In this paper a two stage approach has been used for allocation and sizing of DGs in distribution system with time varying load model. The strategic placement of DGs can help in reducing energy losses and improving voltage profile. The proposed work discusses time varying loads that can be useful for selecting the location and optimizing DG operation. The method has the potential to be used for integrating the available DGs by identifying the best locations in a power system. The proposed method has been demonstrated on 9-bus test system.
Analysis of Comparison of Fuzzy Knn, C4.5 Algorithm, and Naïve Bayes Classifi...Editor IJCATR
Early detection of diabetes mellitus (DM) can prevent or inhibit complication. There are several laboratory test that must be done to detect DM. The result of this laboratory test then converted into data training. Data training used in this study generated from UCI Pima Database with 6 attributes that were used to classify positive or negative diabetes. There are various classification methods that are commonly used, and in this study three of them were compared, which were fuzzy KNN, C4.5 algorithm and Naïve Bayes Classifier (NBC) with one identical case. The objective of this study was to create software to classify DM using tested methods and compared the three methods based on accuracy, precision, and recall. The results showed that the best method was Fuzzy KNN with average and maximum accuracy reached 96% and 98%, respectively. In second place, NBC method had respective average and maximum accuracy of 87.5% and 90%. Lastly, C4.5 algorithm had average and maximum accuracy of 79.5% and 86%, respectively.
Web Scraping for Estimating new Record from Source SiteEditor IJCATR
Study in the Competitive field of Intelligent, and studies in the field of Web Scraping, have a symbiotic relationship mutualism. In the information age today, the website serves as a main source. The research focus is on how to get data from websites and how to slow down the intensity of the download. The problem that arises is the website sources are autonomous so that vulnerable changes the structure of the content at any time. The next problem is the system intrusion detection snort installed on the server to detect bot crawler. So the researchers propose the use of the methods of Mining Data Records and the method of Exponential Smoothing so that adaptive to changes in the structure of the content and do a browse or fetch automatically follow the pattern of the occurrences of the news. The results of the tests, with the threshold 0.3 for MDR and similarity threshold score 0.65 for STM, using recall and precision values produce f-measure average 92.6%. While the results of the tests of the exponential estimation smoothing using ? = 0.5 produces MAE 18.2 datarecord duplicate. It slowed down to 3.6 datarecord from 21.8 datarecord results schedule download/fetch fix in an average time of occurrence news.
Evaluating Semantic Similarity between Biomedical Concepts/Classes through S...Editor IJCATR
Most of the existing semantic similarity measures that use ontology structure as their primary source can measure semantic similarity between concepts/classes using single ontology. The ontology-based semantic similarity techniques such as structure-based semantic similarity techniques (Path Length Measure, Wu and Palmer’s Measure, and Leacock and Chodorow’s measure), information content-based similarity techniques (Resnik’s measure, Lin’s measure), and biomedical domain ontology techniques (Al-Mubaid and Nguyen’s measure (SimDist)) were evaluated relative to human experts’ ratings, and compared on sets of concepts using the ICD-10 “V1.0” terminology within the UMLS. The experimental results validate the efficiency of the SemDist technique in single ontology, and demonstrate that SemDist semantic similarity techniques, compared with the existing techniques, gives the best overall results of correlation with experts’ ratings.
Semantic Similarity Measures between Terms in the Biomedical Domain within f...Editor IJCATR
The techniques and tests are tools used to define how measure the goodness of ontology or its resources. The similarity between biomedical classes/concepts is an important task for the biomedical information extraction and knowledge discovery. However, most of the semantic similarity techniques can be adopted to be used in the biomedical domain (UMLS). Many experiments have been conducted to check the applicability of these measures. In this paper, we investigate to measure semantic similarity between two terms within single ontology or multiple ontologies in ICD-10 “V1.0” as primary source, and compare my results to human experts score by correlation coefficient.
A Strategy for Improving the Performance of Small Files in Openstack Swift Editor IJCATR
This is an effective way to improve the storage access performance of small files in Openstack Swift by adding an aggregate storage module. Because Swift will lead to too much disk operation when querying metadata, the transfer performance of plenty of small files is low. In this paper, we propose an aggregated storage strategy (ASS), and implement it in Swift. ASS comprises two parts which include merge storage and index storage. At the first stage, ASS arranges the write request queue in chronological order, and then stores objects in volumes. These volumes are large files that are stored in Swift actually. During the short encounter time, the object-to-volume mapping information is stored in Key-Value store at the second stage. The experimental results show that the ASS can effectively improve Swift's small file transfer performance.
Integrated System for Vehicle Clearance and RegistrationEditor IJCATR
Efficient management and control of government's cash resources rely on government banking arrangements. Nigeria, like many low income countries, employed fragmented systems in handling government receipts and payments. Later in 2016, Nigeria implemented a unified structure as recommended by the IMF, where all government funds are collected in one account would reduce borrowing costs, extend credit and improve government's fiscal policy among other benefits to government. This situation motivated us to embark on this research to design and implement an integrated system for vehicle clearance and registration. This system complies with the new Treasury Single Account policy to enable proper interaction and collaboration among five different level agencies (NCS, FRSC, SBIR, VIO and NPF) saddled with vehicular administration and activities in Nigeria. Since the system is web based, Object Oriented Hypermedia Design Methodology (OOHDM) is used. Tools such as Php, JavaScript, css, html, AJAX and other web development technologies were used. The result is a web based system that gives proper information about a vehicle starting from the exact date of importation to registration and renewal of licensing. Vehicle owner information, custom duty information, plate number registration details, etc. will also be efficiently retrieved from the system by any of the agencies without contacting the other agency at any point in time. Also number plate will no longer be the only means of vehicle identification as it is presently the case in Nigeria, because the unified system will automatically generate and assigned a Unique Vehicle Identification Pin Number (UVIPN) on payment of duty in the system to the vehicle and the UVIPN will be linked to the various agencies in the management information system.
Assessment of the Efficiency of Customer Order Management System: A Case Stu...Editor IJCATR
The Supermarket Management System deals with the automation of buying and selling of good and services. It includes both sales and purchase of items. The project Supermarket Management System is to be developed with the objective of making the system reliable, easier, fast, and more informative.
Energy-Aware Routing in Wireless Sensor Network Using Modified Bi-Directional A*Editor IJCATR
Energy is a key component in the Wireless Sensor Network (WSN)[1]. The system will not be able to run according to its function without the availability of adequate power units. One of the characteristics of wireless sensor network is Limitation energy[2]. A lot of research has been done to develop strategies to overcome this problem. One of them is clustering technique. The popular clustering technique is Low Energy Adaptive Clustering Hierarchy (LEACH)[3]. In LEACH, clustering techniques are used to determine Cluster Head (CH), which will then be assigned to forward packets to Base Station (BS). In this research, we propose other clustering techniques, which utilize the Social Network Analysis approach theory of Betweeness Centrality (BC) which will then be implemented in the Setup phase. While in the Steady-State phase, one of the heuristic searching algorithms, Modified Bi-Directional A* (MBDA *) is implemented. The experiment was performed deploy 100 nodes statically in the 100x100 area, with one Base Station at coordinates (50,50). To find out the reliability of the system, the experiment to do in 5000 rounds. The performance of the designed routing protocol strategy will be tested based on network lifetime, throughput, and residual energy. The results show that BC-MBDA * is better than LEACH. This is influenced by the ways of working LEACH in determining the CH that is dynamic, which is always changing in every data transmission process. This will result in the use of energy, because they always doing any computation to determine CH in every transmission process. In contrast to BC-MBDA *, CH is statically determined, so it can decrease energy usage.
Security in Software Defined Networks (SDN): Challenges and Research Opportun...Editor IJCATR
In networks, the rapidly changing traffic patterns of search engines, Internet of Things (IoT) devices, Big Data and data centers has thrown up new challenges for legacy; existing networks; and prompted the need for a more intelligent and innovative way to dynamically manage traffic and allocate limited network resources. Software Defined Network (SDN) which decouples the control plane from the data plane through network vitalizations aims to address these challenges. This paper has explored the SDN architecture and its implementation with the OpenFlow protocol. It has also assessed some of its benefits over traditional network architectures, security concerns and how it can be addressed in future research and related works in emerging economies such as Nigeria.
Measure the Similarity of Complaint Document Using Cosine Similarity Based on...Editor IJCATR
Report handling on "LAPOR!" (Laporan, Aspirasi dan Pengaduan Online Rakyat) system depending on the system administrator who manually reads every incoming report [3]. Read manually can lead to errors in handling complaints [4] if the data flow is huge and grows rapidly, it needs at least three days to prepare a confirmation and it sensitive to inconsistencies [3]. In this study, the authors propose a model that can measure the identities of the Query (Incoming) with Document (Archive). The authors employed Class-Based Indexing term weighting scheme, and Cosine Similarities to analyse document similarities. CoSimTFIDF, CoSimTFICF and CoSimTFIDFICF values used in classification as feature for K-Nearest Neighbour (K-NN) classifier. The optimum result evaluation is pre-processing employ 75% of training data ratio and 25% of test data with CoSimTFIDF feature. It deliver a high accuracy 84%. The k = 5 value obtain high accuracy 84.12%
Hangul Recognition Using Support Vector MachineEditor IJCATR
The recognition of Hangul Image is more difficult compared with that of Latin. It could be recognized from the structural arrangement. Hangul is arranged from two dimensions while Latin is only from the left to the right. The current research creates a system to convert Hangul image into Latin text in order to use it as a learning material on reading Hangul. In general, image recognition system is divided into three steps. The first step is preprocessing, which includes binarization, segmentation through connected component-labeling method, and thinning with Zhang Suen to decrease some pattern information. The second is receiving the feature from every single image, whose identification process is done through chain code method. The third is recognizing the process using Support Vector Machine (SVM) with some kernels. It works through letter image and Hangul word recognition. It consists of 34 letters, each of which has 15 different patterns. The whole patterns are 510, divided into 3 data scenarios. The highest result achieved is 94,7% using SVM kernel polynomial and radial basis function. The level of recognition result is influenced by many trained data. Whilst the recognition process of Hangul word applies to the type 2 Hangul word with 6 different patterns. The difference of these patterns appears from the change of the font type. The chosen fonts for data training are such as Batang, Dotum, Gaeul, Gulim, Malgun Gothic. Arial Unicode MS is used to test the data. The lowest accuracy is achieved through the use of SVM kernel radial basis function, which is 69%. The same result, 72 %, is given by the SVM kernel linear and polynomial.
Application of 3D Printing in EducationEditor IJCATR
This paper provides a review of literature concerning the application of 3D printing in the education system. The review identifies that 3D Printing is being applied across the Educational levels [1] as well as in Libraries, Laboratories, and Distance education systems. The review also finds that 3D Printing is being used to teach both students and trainers about 3D Printing and to develop 3D Printing skills.
Survey on Energy-Efficient Routing Algorithms for Underwater Wireless Sensor ...Editor IJCATR
In underwater environment, for retrieval of information the routing mechanism is used. In routing mechanism there are three to four types of nodes are used, one is sink node which is deployed on the water surface and can collect the information, courier/super/AUV or dolphin powerful nodes are deployed in the middle of the water for forwarding the packets, ordinary nodes are also forwarder nodes which can be deployed from bottom to surface of the water and source nodes are deployed at the seabed which can extract the valuable information from the bottom of the sea. In underwater environment the battery power of the nodes is limited and that power can be enhanced through better selection of the routing algorithm. This paper focuses the energy-efficient routing algorithms for their routing mechanisms to prolong the battery power of the nodes. This paper also focuses the performance analysis of the energy-efficient algorithms under which we can examine the better performance of the route selection mechanism which can prolong the battery power of the node
Comparative analysis on Void Node Removal Routing algorithms for Underwater W...Editor IJCATR
The designing of routing algorithms faces many challenges in underwater environment like: propagation delay, acoustic channel behaviour, limited bandwidth, high bit error rate, limited battery power, underwater pressure, node mobility, localization 3D deployment, and underwater obstacles (voids). This paper focuses the underwater voids which affects the overall performance of the entire network. The majority of the researchers have used the better approaches for removal of voids through alternate path selection mechanism but still research needs improvement. This paper also focuses the architecture and its operation through merits and demerits of the existing algorithms. This research article further focuses the analytical method of the performance analysis of existing algorithms through which we found the better approach for removal of voids
Decay Property for Solutions to Plate Type Equations with Variable CoefficientsEditor IJCATR
In this paper we consider the initial value problem for a plate type equation with variable coefficients and memory in
1 n R n ), which is of regularity-loss property. By using spectrally resolution, we study the pointwise estimates in the spectral
space of the fundamental solution to the corresponding linear problem. Appealing to this pointwise estimates, we obtain the global
existence and the decay estimates of solutions to the semilinear problem by employing the fixed point theorem
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Guarding Against Large-Scale Scrabble In Social Network
1. International Journal of Computer Applications Technology and Research
Volume 3– Issue 12, 795 - 798, 2014, ISSN:- 2319–8656
www.ijcat.com 795
Guarding Against Large-Scale Scrabble In Social
Network
Geerthidevi K G
Shree Venkateshwara Hi-Tech
Engineering College
Gobi, India
Dr. T. Senthil Prakash
Shree Venkateshwara Hi-Tech
Engineering College
Gobi, India
Prakadeswaran M.E
Shree Venkateshwara Hi-Tech
Engineering College
Gobi, India
Abstract: Generally, the botnet is one of the most dangerous threats in the network. It has number attackers in the network. The
attacker consists of DDOS attack, remote attack, etc., Bots perform perform repetitive tasks automatically or on a schedule over the
internet, tasks that would be too mundane or time-consuming for an actual person. But the botnets have stealthy behavior as they are
very difficult to identify. These botnets have to be identified and the internet have to be protected. Also the the activity of botnets must
be prevented to provide the users, a reliable service. The past of botnet detection has a transaction process which is not secure. A
efficient stastical data classifier is required to train the botent preventions system. To provide the above features clustering based
analysis is done. our approach can detect and profile various P2P applications rather than identifying a specific P2P application.
Anomaly based detection technique is used to obtain this goal.
Keywords: Botnet, anomaly base detection, hash function, DDOS
1. INTRODUCTION
A botnet is a collection of Internet-connected programs
communicating with other similar programs in order to
perform tasks. Botnets sometimes compromise computers
whose security defenses have been breached and control
conceded to a third party. [1]It is remotely controlled by an
attacker through a command and control (C&C) channel.
Botnets serve as the infrastructures responsible for a variety of
cyber-crimes, such as spamming, distributed denial of-service
(DDoS) attacks, identity theft, click fraud, etc. The C&C
channel is an essential component of a botnet because
botmasters rely on the C&C channel to issue commands to
their bots and receive information from the compromised
machines.
Bots perform perform repetitive tasks automatically or on a
schedule over the internet, tasks that would be too mundane or
time-consuming for an actual person. Search engines use
them to surf the web and methodically catalogue information
from websites, trading sites make them look for the best
bargains in seconds, and some websites and services employ
them to deliver important information like weather conditions,
news and sports, currency exchange rates.
Unfortunately, not all bots roaming the internet are useful and
harmless. Cyber crooks have also noticed their potential and
have come up with malicious bots – programs designed to
secretly install themselves on unprotected or vulnerable
computers and carry out whatever actions they demand. And
that could be anything from sending spam to participating in a
distributed denial of service attack (DDoS) that brings down
entire websites
Once infected, your computer becomes part of a botnet – a
network of infected or zombie-computers controlled from the
distance by a cybercriminal who rented it to carry out his
illegal plans. So not only is your computer infected and
your internet security compromised, but your system
resources and your bandwidth are rented out to the highest
bidder to help them attack other unsuspecting users or even
legitimate businesses. This huge potential for cybercrime
makes these botnets what some security experts believe to be
the most dangerous threat on the internet today.
Such networks comprising hundreds or thousands of infected
devices have the resources needed to perform high-scale
malicious actions such as: (1) Mass-spam delivery that floods
millions of inboxes in a matter of seconds (2) DoS and DDoS
attacks that crash entire websites and can put legitimate
businesses in serious trouble (3) Brute-force hacking attacks
by cracking passwords and other internet security measures
(4) Identity theft and internet fraud by collecting private
information from infected users
Bots can sneak up on you in many ways. They can use the
vulnerabilities and outdated software in your system to infect
it while you‟re casually surfing the web. They can be
delivered by Trojans or questionable software you get tricked
into downloading (like rogue antivirus programs). Or they can
be sent directly to your inbox as an email attachment by
spammers.
Botnets perform many malicious activity in internet like
sending spams to emails, increasing network traffic and even
takes control of the system by running Trojans. But the
botnets have stealthy behavior as they are very difficult to
identify. These botnets have to be identified and the internet
have to be protected. The information shared in social media
are sensitive and personal. Hence the activity of botnets must
be prevented to provide the users, a reliable service.
To provide the above features clustering based analysis is
done. our approach can detect and profile various P2P
applications rather than identifying a specific P2P application.
Anomaly based detection technique is used to obtain this goal.
2. RELATED WORKS
Many approaches have been proposed to detect botnets have
been proposed. For example, BotMiner [7] identifies a group
of hosts as bots belonging to the same botnet if they share
similar communication patterns and meanwhile perform
similar malicious activities, such as scanning, spamming,
2. International Journal of Computer Applications Technology and Research
Volume 3– Issue 12, 795 - 798, 2014, ISSN:- 2319–8656
www.ijcat.com 796
exploiting, etc.[4] Unfortunately, the malicious activities may
be stealthy and non-observable A efficient stastical data
classifier is required to train the botent preventions system.
Acquiring such information is a challenging task, thereby
drastically limiting the practical use of these methods. Some
of the older approach involves content signature, encryptions,
profiling, fixed source port. our approach does not need any
content signature. our analysis approach can estimate the
active time of a P2P application, which is critical for botnet
detection
3. SYSTEM DESIGN
A Botmaster has to be designed with P2P protocol.
Therefore P2P bots exhibit some network traffic patterns that
are common to other P2P client applications either legitimate
or malicious. Hence our system is divided into two phases. In
the first phase, we aim at detecting all hosts within the
monitored network that engage in P2P communications. We
analyze raw traffic collected at the edge of the monitored
network and apply a pre-filtering step to discard network
flows that are unlikely to be generated by P2P[1]. We then
analyze the remaining traffic and extract a number of
statistical features to identify flows generated by P2P clients.
In the second phase, our system analyzes the traffic generated
by the P2P clients and classifies them into either legitimate
P2P clients or P2P bots. Specifically, we investigate the active
time of a P2P client and identify it as a candidate P2P bot if it
is persistently active on the underlying host. We further
analyze the overlap of peers contacted by two candidate P2P
bots to finalize detection. After analyzing with the use of
anomaly based detection algorithm the network has to be
revoked from malwares.
Fig 1: System architecture
3.1 Detecting P2P client
Traffic filter is used to sort out th traffic which is unlikely to
P2P networks. In this first phase, fine grained detection of
P2P botenets is implemented. This component is responsible
for detecting P2P clients by analyzing the remaining network
flows after the Traffic Filter component. For each host h
within the monitored network we identify two flow sets,
denoted as Stcp(h) and Sudp(h), which contain the flows
related to successful outgoing TCP and UDP[6] connection,
respectively.
To identify flows corresponding to P2P control messages,we
first apply a flow clustering process intended to group
together similar flows for each candidate P2P node h. Given
sets of flows Stcp(h) and Sudp(h), we characterize each flow
using a vector of statistical features v(h) = [Pkts , Pktr , Bytes
, Byter ], in which Pkts and Pktr represent the number of
packets sent and received, and Bytes and Byter represent the
number of bytes sent and received, respectively.
The distance between two flows is subsequently defined as
the euclidean distance of their two corresponding vectors. We
then apply a clustering algorithm to partition the set of flows
into a number of clusters. Each of the obtained clusters of
flows, Cj (h), represents a group of flows with similar size.
Flows corresponding to ping/pong and peer-discovery share
similar sizes, and hence they are grouped into two clusters
(FC1 and FC2), respectively. Since the number of destination
BGP prefixes involved in each cluster is larger, we take FC1
and FC2 as its fingerprint clusters. A fingerprint cluster
summary, (Pkts , Pktr , Bytes , Byter , proto), represents the
protocol and the average number of sent/received
packets/bytes for all the flows in this fingerprint cluster. We
implemented the flow analysis component and identified
fingerprint cluster for the sample P2P traces including two
traces.
3.2 Detecting P2P bots
To detect the bots coarse grained detection method is used.
Since bots are malicious programs used to perform profitable
malicious activities, they represent valuable assets for the
botmaster, who will intuitively try to maximize utilization of
bots. This is particularly true for P2P bots[5] because in order
to have a functional overlay network (the botnet), a sufficient
number of peers needs to be always online. In other words,
the active time of a bot should be comparable with the active
time of the underlying compromised system.
The distance between each pair of hosts is computed. We
apply hierarchical clustering, and group together hosts
according to the distance defined above. In practice the
hierarchical clustering algorithm will produce a dendrogram
(a tree-like data structure). The dendrogram expresses the
“relationship” between hosts. The closer two hosts are, the
lower they are connected at in the dendrogram. Two P2P bots
in the same botnet should have small distance and thus are
connected at lower level. In contrast, legitimate P2P
applications tend to have large distances and consequently are
connected at the upper level. We then classify hosts in dense
clusters as P2P bots, and discard all other clusters and the
related hosts, which we classify as legitimate P2P clients.
4. SYSTEM IMPLEMENTATION
Out of four components in our system, “Traffic Filter” and
“Coarse-Grained Detection of P2P Bots” have linear
complexity since they need to scan flows only once to identify
flows with destination addresses resolved from DNS queries
or calculate the active time. Other two components, “Fine-
Grained Detection of P2P Clients” and “Fine-Grained P2P
Detection of P2P Bots”, require pairwise comparison for
distance calculation
We use a two-step clustering approach to reduce the time
complexity of “Fine-Grained P2P Client Detection”. For the
first-step clustering, we use an efficient clustering algorithm
to aggregate network flows into K sub-clusters, and each
subcluster contains flows that are very similar to each other.
For the second-step clustering, we investigate the global
Detecting P2P
clients
Detecting
P2P BotsBots
Traffic filter
Network traffic
Revoking from
malware
3. International Journal of Computer Applications Technology and Research
Volume 3– Issue 12, 795 - 798, 2014, ISSN:- 2319–8656
www.ijcat.com 797
distribution of sub-clusters and further group similar sub-
clusters into clusters.
The distance of two flows is defined as the Euclidean distance
of their corresponding vectors, where each vector [Pkts , Pktr ,
Bytes , Byter ] represents the number of packets/ bytes that
are sent/received in a flow.
For the second-step clustering, we use hierarchical clustering
with DaviesBouldin validation[8] to group sub-clusters into
clusters. Each sub-cluster is represented using a vector ([Pkts ,
Pktr , Bytes , Byter ]), which is essentially the average for all
flow vectors in this sub-cluster.
Hierarchical clustering is used to build a dendrogram. Finally,
DaviesBouldin validation is employed to assess the global
distribution of inter- and intra-cluster distances of clusters
based on various clustering decisions and yield the best cut for
the dendrogram. The two-step clustering algorithm has the
time complexity of O(nK I + K2).
4.1 Modules
The goal of guarding the large scale scrabble in social
network is implemented by the following modules,
4.1.1 User Interface Design
The user interaction is effective operation and control of the
machine on the user„s. The user interface module has login
and registration phases. The registration phase gets details
from user and stores it in database. It also checks the details
are valid or not.
4.1.2 Implementing peer network
The peer network contain decentralized networks. All the
nodes contains separate IP address and separate port number.
The peer one node have stored separate list of files which in
the global respository.
4.1.3 Botnet minor approach
The global respository contains the decentralized network
details. The botnet minor store and reteive the information
about port and IP details from the database. Identification
scenario always visible botnet minor. If any dispute in the
identification scenario overall network may be crashed.
4.1.4 Attacking model of Malware
Botnet minor contain all the details about the peer network.
The botnet minor handles all the request processed by the
decentralized network. The botnet major attack decentralized
scenario spread the warm data to the peer network. The node
connected with the attacked node that specific node also get
the warm data.
4.1.5 Revoking the network from Malware
Data matching have the law data and the original data. The
proposed technical approach can identify the warm data it is
spreaded by the botnet. Revoke the original data instead of
warm data it can identify the problem and revoke the botnet
minor from the attacking model.
5. EXPERIMENTAL RESULTS
We prepared a data set (D) for evaluation. Specifically, we
randomly selected half [8] of the P2P bots from NETbots
.Then for each of the 5 P2P applications we ran, we randomly
selected one out of its two traces from NETP2P and overlaid
its traffic to the traffic of a randomly selected host We applied
our detection system on data set D. The traffic filter
drastically reduced the workload for the whole system. As
indicated in Figure 4, it reduced the number of hosts subject to
analysis by 67% (from 953 to 316) but retained all P2P
clients.
Among 26 P2P clients identified in the previous step, 25 out
of them exhibit persistent P2P behaviors. We further evaluate
the similarity of fingerprint clusters and peer IPs for each pair
of persistent P2P clients and
derive a dendrogram.
If botmasters get to know about our detection algorithm, they
could attempt to modify other bots‟ network behavior to
evade detection. This situation is similar to evasion attacks
against other intrusion detection systems
6. CONCLUSION
To summarize, although our system greatly enhances and
complements the capabilities of existing P2P botnet detection
systems, it is not perfect. We should definitely strive to
develop more robust defense techniques, where the
aforementioned discussion outlines the potential
improvements of our system.
In this paper, we presented a novel botnet detection system
that is able to identify stealthy P2P botnets, whose malicious
activities may not be observable. To accomplish this task, we
derive statistical fingerprints of the P2P communications to
first detect P2P clients and further distinguish between those
that are part of legitimate P2P networks (e.g., filesharing
networks) and P2P bots. We also identify the performance
bottleneck of our system and optimize its scalability. The
evaluation results demonstrated that the proposed system
accomplishes high accuracy on detecting stealthy P2P bots
and great scalability.
User interface design
Implementing peer netwrok
Botnet minor approach
Attacking model of malware
Revoking from malware
4. International Journal of Computer Applications Technology and Research
Volume 3– Issue 12, 795 - 798, 2014, ISSN:- 2319–8656
www.ijcat.com 798
7. REFERENCES
[1] S. Stover, D. Dittrich, J. Hernandez, and S. Dietrich,
“Analysis of the storm and nugache trojans: P2P is here,” in
Proc. USENIX, vol. 32. 2007, pp. 18–27.
[2] Junjie Zhang, Roberto Perdisci, Wenke Lee, Xiapu Luo,
and Unum Sarfraz, “Building a Scalable System for Stealthy
P2P-Botnet Detection”, IEEE transactions on information
forensics and security, vol. 9, no. 1, january 2014
[3] Pratik Narang, Subhajit Ray, Chittaranjan Hota, Venkat
Venkatakrishnan, “PeerShark: Detecting Peer-to-Peer Botnets
by Tracking Conversations”,2014 IEEE Security and Privacy
Workshops
[4] P. Porras, H. Saidi, and V. Yegneswaran, “A multi-
perspective analysis of the storm (peacomm) worm,” Comput.
Sci. Lab., SRI Int., Menlo Park, CA, USA, Tech. Rep., 2007.
Authors:
[5] P. Porras, H. Saidi, and V. Yegneswaran. (2009).
Conficker C Analysis [Online]. Available:
http://mtc.sri.com/Conficker/addendumC/index.html
[6] G. Sinclair, C. Nunnery, and B. B. Kang, “The waledac
protocol: The how and why,” in Proc. 4th Int. Conf. Malicious
Unwanted Softw., Oct. 2009, pp. 69–77.
[7] G. Gu, R. Perdisci, J. Zhang, and W. Lee, “Botminer:
Clustering analysis of network traffic for protocol- and
structure-independent botnet detection,” in Proc. USENIX
Security, 2008, pp. 139–154.
[5] R. Lemos. (2006). Bot Software Looks to Improve
Peerage[Online]Available:http://www.securityfocus.com/new
s/11390
[6] Y. Zhao, Y. Xie, F. Yu, Q. Ke, and Y. Yu, “Botgraph:
Large scale spamming botnet detection,” in Proc. 6th
USENIX NSDI, 2009,
pp. 1–14.
[8] T.-F. Yen and M. K. Reiter, “Are your hosts trading or
plotting? Telling P2P file-sharing and bots apart,” in Proc.
ICDCS, Jun. 2010, pp. 241–252.
Ms. Geerthidevi K G, PG Scholar Currently persuing her M.E CSE degree in Shree Venkateshwara Hi-
Tech Engg College, Gobi, Tamilnadu , India. Her research interests include Networking, Network Security
etc.,
Dr.T.Senthil Prakash received the Ph.D. degree from the PRIST University, Thanjavur, India in 2013
and M.E(CSE) degree from Vinayaka Mission‟s University, Salem, India in 2007 and
M.Phil.,MCA.,B.Sc(CS) degrees from Bharathiyar University, Coimbatore India, in 2000,2003 and 2006
respectively, all in Computer Science and Engineering. He is a Member in ISTE New Delhi, India,
IAENG, Hong Kong..IACSIT, Singapore SDIWC, USA. He has the experience in Teaching of 10+Years
and in Industry 2 Years. Now He is currently working as a Professor and Head of the Department of Computer Science
and Engineering in Shree Venkateshwara Hi-Tech Engineering College, Gobi, Tamil Nadu, and India. His research
interests include Data Mining, Data Bases, Artificial Intelligence, Software Engineering etc.,He has published several
papers in 17 International Journals, 43 International and National Conferences.
Mr.S.Prakadeswaran, received the Bachelor of Engineering in Anna University,Chennai,Tamilnadu in
2008.He received the Master of Engineering in Anna University, Chennai, Tamilnadu in 2013. He has the
experience in Teaching of 6+Years. He is currently working as Assistant professor in Shree
Venkateshwara Hi Tech Engineering College, Gobichettipalayam, Tamilnadu. His research interest
includes Wireless Networks and Pervasive computing. He has published several papers in 4 International
Journals