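Talk title: A Botnet Detection System Based on Machine-Learning using Flow-Based Features
Speaker: Prof. Hung-Min Sun (孙宏民), National Tsing Hua University, Taiwan
Time: Tuesday, July 31, 2018, 10:00-11:30
Venue: Lecture Hall 309, Building 2, College of Mathematics and Computer Science
Abstract: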
Botnets have always been a formidable cyber security threat. They are growing rapidly nowadays, when the Internet of Things (IoT) has become an important issue and the number of internet-connected smart devices has increased by more than 15% annually. Although PC antivirus solutions have been developed for a long time, they are still problematic. And the security issue of smart phones has just come into the spotlight in the last few years, not to mention the fact that smart devices and IoT are still at their growing stages. As such, the security issues of smart devices are full of uncertainties. In the foreseeable future, more devices will become bots in botnets. In this work, we propose a system to detect potential botnets by analyzing the flows on the Internet. The system classifies similar flow traffic into groups, and then extracts the behavior patterns of each group for machine learning. The system can not only analyze P2P botnets but also extract the patterns at the application layer, which allows it to analyze botnets using HTTP protocols.
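About the speaker: Prof. Hung-Min Sun is a well-known information security scholar. He received his Ph.D. from the Department of Computer Science and Information Engineering, National Chiao Tung University, Hsinchu, Taiwan, in 1995, and is currently a professor in the Department of Computer Science, National Tsing Hua University, Hsinchu, Taiwan, and director of its Institute of Information Systems and Applications. He specializes in research on cryptography and network security, and has published more than 200 papers in well-known international journals and conferences. Prof. Sun has extensive academic experience: he has served as an associate professor at National Cheng Kung University, as an associate professor and professor at National Tsing Hua University, and as a visiting scholar at the University of Auckland, New Zealand. He served several terms as a director of the Taiwan Information Security Association, and is currently its executive director and chair of its Industry-Academia Cooperation Committee. He also serves as an editor for many international journals and as a program committee member for international conferences, and has received many domestic and international academic awards, including the 8th Y. Z. Hsu Scientific Paper Award; the 2014 Outstanding Electrical Engineering Professor Award of the Chinese Institute of Electrical Engineering; the first-class (top 4% of the college) Faculty Academic Excellence Award of the College of Electrical Engineering and Computer Science, National Tsing Hua University, in 2000, 2003 and 2004; the Outstanding Research Award of the 2015 World Congress on Information Technology Applications and Services; and many best paper awards. He actively takes part in promoting international academic exchange and service. His research interests include information security, financial technology, and blockchain.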