A Test Bed for Detection of Botnet Infections in Low Data Rate Tactical Networks
NAVAL POSTGRADUATE SCHOOL MONTEREY CA
Pagination or Media Count:
The propagation of bots into a botnet, and the various malicious activities that could be carried out from within a tactical network, poses a significant threat to network security and tactical operations. This thesis presents a network architecture with the objective of near real-time detection of malicious activity and its propagation within a data rate bandwidth limited environment with periodic losses of connectivity without adding significant burden to the network. A test bed is constructed that makes use of an intrusion detection system driven correlation tool, BotHunter, focused on outbound and inbound connections, rather than solely on inbound connections and a honeynet located in a high data rate area of a tactical network. The ability of the proposed architecture to identify malicious activities is validated when both BotHunter and the Honeynet successfully detect a bot infection.
- Computer Systems Management and Standards