BotNets

Start Date: March of 2010

End Date: February of 2012

Design and Implementation of a BotNet Detection System, financed by FCT. The main purpose of this project is the development of a laboratory platform for the real-time detection of botnets and the subsequent deployment of countermeasures. The proposed detection approach should be based on diverse types of information: the historical traffic profile of network users; mathematical traffic models that can accurately describe network traffic and/or user profiles; traffic measurements that can be carried out on some specific probes; and artificial intelligence systems that can take some combination of inputs and generate a relevant output for use by the decision support system.

Thus, the proposed platform should collect and store diverse network information that can be dispersed over several network components or obtained in a distributed way: (i) state variables and statistics that are calculated and maintained by network elements; (ii) log files that are stored on different types of network servers and elements; (iii) traffic captures or traffic statistics (for example, first and second order statistics, multifractal characteristics) that are extracted or inferred and stored on network probes distributed over the network infrastructure. In this way, the detection framework should inherently include a distributed system for traffic measurement, traffic analysis and network data collection.

This project has a duration of 2 years and a total budget of 82.668 Euros. It includes a research team with 5 researchers and 4 research grants, belonging to 4 different institutions: Instituto de Telecomunicações, University of Aveiro and Instituto Superior Técnico – Technical University of Lisbon.