The days when the Internet used to be an academic network with no malicious activity are long gone. Today, there is a high incentive for cyber-criminals to engage in malicious, profit-oriented illegal activity on the Internet. A popular tool of choice for digital criminals are bots. A number of bot-infected machines that are combined under the control of a single, malicious entity are referred to as a botnet. Such botnets are often abused as platforms to launch denial of service to send spam or to host scam pages.
In this thesis, we propose three network-based botnet detection techniques.
Each technique models the detections by analyzing different types of network
data: the first detection technique performs packet level inspection. The second one analyzes the DNS traffic to find the domains that are abused for different kinds of malicious purposes including being assigned for the command and control servers. And finally, the last one detects command and control servers by analyzing NetFlow data.
