Mason Archival Repository Service

Time Series Analysis for Botnet Detection

Show simple item record

dc.contributor.advisor Simon, Robert Henderson, Taylor
dc.creator Henderson, Taylor 2020-12-04 2021-09-28T00:28:46Z 2021-09-28T00:28:46Z
dc.description.abstract Cyber attacks are becoming more prevalent and increasingly threaten to have devastating consequences. Many of these attacks use multiple distributed devices controlled by a single person or group from a remote location, and are commonly referred to as botnet attacks. There are multiple reasons why botnet detection is challenging. First, botnets use covert communication measures and actively attempt to mask their communication. Second, the command and control (C&C) of these devices may not come from a single source but instead from peer to peer (P2P) bot communication. Third, network traffic is inherently very noisy and has high dimensionality both in the data's continuous nature and the number of variables. Finally, massive botnet data collections are generally incomplete, and real-world data is challenging to find. These factors complicate performing botnet data analytics through well-known approaches, such as time series analysis techniques. Recent results in topological data analysis (TDA) have shown great promise in analyzing noisy, large scale, and incomplete time series data sets. This thesis explores using TDA persistence landscapes (PL-TDA) to transform a multi-attribute time series into a single attribute time series, which can then be analyzed using existing time series/data mining techniques. We first perform a robustness analysis on existing PL-TDA computational methods in the presence of noise. We then propose an algorithm using plane-sweeping methods that decrease the PL-TDA runtime. This algorithm utilizes another result that demonstrates a linear-time approach to finding the top landscapes that appear when PLTDA is computed. Following that we show how to implement a processing pipeline for PL-TDA on botnet data. Finally we show that our new algorithms maintain accuracy while decreasing runtime. This work assists future network and systems researchers by giving them a new technique to effectively process network traffic analysis capturing the inherent topological properties. en_US
dc.language.iso en en_US
dc.subject time series analysis en_US
dc.subject topological data analysis en_US
dc.subject botnet detection en_US
dc.subject representative pattern matching en_US
dc.subject dimensionality reduction en_US
dc.title Time Series Analysis for Botnet Detection en_US
dc.type Thesis en_US Master of Science in Computer Science en_US Master's en_US Computer Science en_US George Mason University en_US

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search MARS


My Account