BotChase: Graph-Based Bot Detection Using Machine Learning
| dc.contributor.author | Abou Daya, Abbas | |
| dc.date.accessioned | 2019-05-21T15:37:53Z | |
| dc.date.available | 2019-05-21T15:37:53Z | |
| dc.date.issued | 2019-05-21 | |
| dc.date.submitted | 2019-05-10 | |
| dc.description.abstract | Bot detection using machine learning (ML), with network flow-level features, has been extensively studied in the literature. However, existing flow-based approaches typically incur a high computational overhead and do not completely capture the network communication patterns, which can expose additional aspects of malicious hosts. Recently, bot detection systems which leverage communication graph analysis using ML have gained traction to overcome these limitations. A graph-based approach is rather intuitive, as graphs are true representations of network communications. In this thesis, we propose BotChase, a two-phased graph-based bot detection system that leverages both unsupervised and supervised ML. The first phase prunes presumable benign hosts, while the second phase achieves bot detection with high precision. Our prototype implementation of BotChase detects multiple types of bots and exhibits robustness to zero-day attacks. It also accommodates different network topologies and is suitable for large-scale data. Compared to the state-of-the-art, BotChase outperforms an end-to-end system that employs flow-based features and performs particularly well in an online setting. | en |
| dc.identifier.uri | http://hdl.handle.net/10012/14654 | |
| dc.language.iso | en | en |
| dc.pending | false | |
| dc.publisher | University of Waterloo | en |
| dc.subject | machine learning | en |
| dc.subject | supervised learning | en |
| dc.subject | unsupervised learning | en |
| dc.subject | graph | en |
| dc.subject | bot detection | en |
| dc.subject | BotChase | en |
| dc.subject | anomaly-based | en |
| dc.subject | normalization | en |
| dc.subject | two-phased system | en |
| dc.title | BotChase: Graph-Based Bot Detection Using Machine Learning | en |
| dc.type | Master Thesis | en |
| uws-etd.degree | Master of Mathematics | en |
| uws-etd.degree.department | David R. Cheriton School of Computer Science | en |
| uws-etd.degree.discipline | Computer Science | en |
| uws-etd.degree.grantor | University of Waterloo | en |
| uws.contributor.advisor | Boutaba, Raouf | |
| uws.contributor.affiliation1 | Faculty of Mathematics | en |
| uws.peerReviewStatus | Unreviewed | en |
| uws.published.city | Waterloo | en |
| uws.published.country | Canada | en |
| uws.published.province | Ontario | en |
| uws.scholarLevel | Graduate | en |
| uws.typeOfResource | Text | en |