Accession Number:

ADA508890

Title:

A Test Bed for Detection of Botnet Infections in Low Data Rate Tactical Networks

Descriptive Note:

Master's thesis

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Personal Author(s):

Report Date:

2009-09-01

Pagination or Media Count:

79.0

Abstract:

The propagation of bots into a botnet, and the various malicious activities that could be carried out from within a tactical network, poses a significant threat to network security and tactical operations. This thesis presents a network architecture with the objective of near real-time detection of malicious activity and its propagation within a data rate bandwidth limited environment with periodic losses of connectivity without adding significant burden to the network. A test bed is constructed that makes use of an intrusion detection system driven correlation tool, BotHunter, focused on outbound and inbound connections, rather than solely on inbound connections and a honeynet located in a high data rate area of a tactical network. The ability of the proposed architecture to identify malicious activities is validated when both BotHunter and the Honeynet successfully detect a bot infection.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE