BEGIN:VCALENDAR
PRODID:-//Mercury//HGEvent//EN
VERSION:2.0
METHOD:PUBLISH
BEGIN:VEVENT
STATUS:CONFIRMED
LAST-MODIFIED:20130604T191506
PRIORITY:0
CLASS:PUBLIC
UID:ATEvent-eed436ece7e23bbcfe0d4623c4969225
SUMMARY:Ph.D. Defense of Dissertation: Junjie Zhang
DESCRIPTION:Ph.D. Defense of Dissertation Announcement\n\nTitle: Effective and Scalable Botnet Detection in Network Traffic\n\n
 Junjie Zhang\nSchool of Computer Science\nCollege of Computing\nGeorgia Institute of Technology\n\n
 Date: Monday\, June 4th\, 2012\nTime: 10:00 AM - 12:00 PM\nLocation: Klaus 3126 (GTISC War Room)\n\n
 Committee:\nProf. Wenke Lee\, School of Computer Science (Advisor)\nProf. Mustaque Ahamad\, School of Computer Science\nProf. Nick Feamster\, School of Computer Science\nProf. Patrick Traynor\, School of Computer Science\nProf. John Copeland\, School of Electrical and Computer Engineering\n\n
 Abstract:\nBotnets represent one of the most serious threats against Internet security\, since they serve as the platforms responsible for the vast majority of large-scale and coordinated cyber attacks\, such as distributed denial of service\, spamming\, and information theft. Detecting botnets is therefore of great importance\, and a number of network-based botnet detection systems have been proposed. However\, as botnets perform attacks in an increasingly stealthy way and the volume of network traffic is rapidly growing\, existing botnet detection systems face significant challenges in terms of effectiveness and scalability.\n\n
 The objective of this dissertation is to build novel network-based solutions that boost both the effectiveness of existing botnet detection systems\, by detecting botnets whose attacks are very hard to observe in network traffic\, and their scalability\, by adaptively sampling the network packets that are likely generated by botnets. Specifically\, this dissertation describes three unique contributions.\n\n
 First\, we built a new system to detect drive-by download attacks\, which represent one of the most significant and popular methods of botnet infection. The goal of our system is to boost the effectiveness of existing drive-by download detection systems by detecting a large number of drive-by download attacks that these existing detection efforts miss.\n\n
 Second\, we built a new system to detect botnets with peer-to-peer (P2P) command and control (C&C) channels (a.k.a. P2P botnets)\, where P2P C&Cs currently represent the most robust C&C structures against disruption efforts. Our system aims to boost the effectiveness of existing P2P botnet detection by detecting P2P botnets in two challenging scenarios: i) botnets perform stealthy attacks that are extremely hard to observe in the network traffic\; ii) bot-infected hosts are also running legitimate P2P applications (e.g.\, BitTorrent and Skype).\n\n
 Finally\, we built a novel traffic analysis framework to boost the scalability of existing botnet detection systems. Our framework can effectively and efficiently identify the small percentage of hosts that are likely to be bots\, and then forward the network traffic associated with these hosts to existing detection systems for fine-grained analysis\, thereby boosting the scalability of those systems. Our traffic analysis framework includes a novel botnet-aware and adaptive packet sampling algorithm and a scalable flow-correlation technique.\n
DTSTART:20120604T100000
DTEND:20120604T100000
CREATED:20121220T161512
DTSTAMP:20121220T161512
SEQUENCE:0
LOCATION:
END:VEVENT
END:VCALENDAR
