TC: Small: Automatically Identifying Botnet Command and Control Infrastructures
The goal of this project is to develop novel techniques and tools to detect malicious connections from compromised machines to the C&C servers of botnets. The key insight is that, when very large volumes of NetFlow and DNS data are examined over an extended period of time, connection attempts to benign and malicious addresses should differ enough in behavior to be distinguished automatically. A key challenge in this project is to identify behavioral features that allow the detection of connections that exhibit botnet-like behavior.
Northeastern University’s College of Engineering is home to numerous federally-funded research centers and an array of leading-edge projects and initiatives that advance discovery and new knowledge in health, sustainability, and security.