Please use this identifier to cite or link to this item: http://artemis.cslab.ece.ntua.gr:8080/jspui/handle/123456789/18725
Title: Comparison of Community Detection methods for Botnet Detection
Authors: Χατζή, Ήβη
Παπαβασιλείου Συμεών
Keywords: Botnets
Community Detection
Anomaly Detection
Network Security
Network Embedding
Issue Date: Jul-2023
Abstract: Botnets are groups of compromised Internet-connected devices that are controlled by a malicious actor. They are used to perform Distributed Denial-of-Service (DDoS) attacks, data theft, spam or click fraud. The widespread popularity of botnet-led attacks caused the development of botnet detection methods. One such approach combines statistical anomaly detection with social network community detection in order to identify compromised nodes in a network. The first stage of the method uses clean network traffic to learn an empirical distribution of normal traffic. This reference distribution is then compared to new traffic, and large deviations are deemed anomalous. The second stage processes the anomalous traffic based on the idea that the interactions of bot nodes are correlated, and creates a Social Correlation Graph (SCG). In the SCG bots are likely to form communities, so community detection is used to identify them. The aim of this thesis is to evaluate several different community detection algorithms on the final stage of the method, including Hyperbolic Girvan-Newman, an algorithm that utilises hyperbolic embedding in order to speed up calculations. The algorithms are compared based on their accuracy in identifying compromised nodes from three different botnet attacks, and the benefits and drawbacks of each case are analysed.
URI: http://artemis.cslab.ece.ntua.gr:8080/jspui/handle/123456789/18725
Appears in Collections:Διπλωματικές Εργασίες - Theses

Files in This Item:
File Description SizeFormat 
diplomatiki (1).pdf4.73 MBAdobe PDFView/Open


Items in Artemis are protected by copyright, with all rights reserved, unless otherwise indicated.