A Test Bed for Detection of Botnet Infections in Low Data Rate Tactical Networks

Abstract

The propagation of bots into a botnet, and the various malicious activities that could be carried out from within a tactical network, pose a significant threat to network security and tactical operations. This thesis presents a network architecture with the objective of near real-time detection of malicious activity and its propagation within a data rate (bandwidth) limited environment with periodic losses of connectivity, without adding significant burden to the network. A test bed is constructed that makes use of BotHunter, an intrusion-detection-system-driven correlation tool focused on both outbound and inbound connections rather than solely on inbound connections, and a honeynet located in a high data rate area of a tactical network. The ability of the proposed architecture to identify malicious activities is validated when both BotHunter and the honeynet successfully detect a bot infection.

Document Details

Document Type: Technical Report
Publication Date: Sep 01, 2009
Accession Number: ADA508890

Entities

People

  • Russell W. Becker

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • C4I
  • Cyber

DTIC Thesaurus Topics

  • Anti-Virus Software
  • Command And Control
  • Computer Network Security
  • Computer Programs
  • Computers
  • Computing System Architectures
  • Cybersecurity
  • Graphical User Interface
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Local Area Networks
  • Malware
  • Network Architecture
  • Network Protocols
  • Operating Systems
  • Test Beds

Fields of Study

  • Computer science

Readers

  • Aerospace logistics and air mobility.
  • Cybersecurity.
  • Radio communications and signal processing.

Technology Areas

  • Cyber