Abstract

In the era of cyber security threats, botnets represent one of the most serious threats faced by organizations in recent times. It is reported that botnets are behind many recent cybercrimes. Although much research has been devoted to analyzing and detecting botnets, numerous challenges remain unaddressed, such as designing detectors that cope with new forms of botnets. In this thesis, I present work on the identification of Command & Control (C&C) traffic of IRC-based, HTTP-based, and P2P-based botnets using machine-learning-based classification techniques. Once a bot is identified, the system sounds an alarm and also sends a text message to the system administrator, who can then immediately take the necessary security actions, such as blocking the corresponding IP address, placing it under close observation, or temporarily quarantining the suspect network segments. The primary emphasis of this thesis is the development of a system for detecting P2P botnets from network traffic in two steps, or phases: P2P host detection and P2P botnet detection. P2P host detection uses a host-based approach, while P2P botnet detection uses a flow-based approach; together the two phases achieved a combined accuracy of 99.98%. We also evaluated the performance of the developed model on offline network traffic and built a modest GUI-based engine that accepts a host IP address as input and flags hosts, if any, that exhibit botnet behavior. Building on these key factors, Bot Ransack is the system developed to detect IRC, HTTP, and P2P botnets. The results of several experiments show that the proposed system detects all of the IRC botnet traffic and identifies both the affected hosts and the C&C server.
During the implementation of Bot Ransack, the threshold values were set to 0.63, 0.61, and 0.62 for the IRC botnet, HTTP botnet, and peer-to-peer botnet respectively; with these values, the results reported above show optimal performance, even when compared with earlier research based on traditional botnet detection approaches. Although other cyber-attacks continue to take place, significant bot-based attacks are among those currently making headlines. The importance of botnets has prompted researchers to study them and develop solutions to eliminate them. The peer-to-peer (P2P) architecture for botnets provides improved resistance to detection compared with the client-server architecture.
