Published in: Wireless Personal Communications 2/2024

02-05-2024

Bot-FFX: A Robust and Efficient Framework for Fast Flux Botnet (FFB) Detection

Authors: Femi Emmanuel Ayo, Joseph Bamidele Awotunde, Sakinat Oluwabukonla Folorunso, Ranjit Panigrahi, Amik Garg, Akash Kumar Bhoi


Abstract

Fast Flux Botnet (FFB) poses a significant threat as an advanced method employed by cybercriminals for orchestrating distributed malicious attacks. Existing FFB detection systems face challenges such as vulnerability to evasion mechanisms, prolonged detection times, and high dimensionality of the feature set. In response to these issues, this study introduces Bot-FFX, an improved FFB detection architecture designed to enhance the accuracy and efficiency of detection. Bot-FFX comprises four integral modules: extractor, filter, resolver, and detector. The extractor module is dedicated to Domain Name System (DNS) queries on domains, while the filter module classifies incoming domains as denylist or safelist, redirecting unclassified domains to the resolver. The resolver extracts all associated IP addresses within 10 min of the domain's Time-To-Live (TTL). The detector module employs a rule-based Genetic Algorithm (GA) and K-Nearest Neighbor (KNN) for botnet detection. Utilizing metrics such as Standard Deviation of Round Trip Time (SDRTT), Average Google Hits (AGH), and Genetic Threshold Value (GTV), the detector, built on a K-Dimensional (KD) tree KNN algorithm, accurately classifies domains based on their set of IP addresses. To evaluate Bot-FFX, a dataset comprising 2000 benign domains and 1630 botnet domains was utilized, divided into 50% training and testing sets. The results demonstrate the effectiveness of Bot-FFX, achieving an impressive accuracy of 99.178%, with a minimal false positive rate of 0.8% and an equally low false negative rate of 0.8%. This study establishes Bot-FFX as a robust and efficient framework for Fast Flux Botnet detection, contributing to the ongoing efforts in cybersecurity to combat evolving cyber threats.
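The filter, resolver-feature and detector stages described in the abstract can be sketched as follows; this is an added example, not the authors' code, and it leaves out the Genetic Algorithm and GTV because the abstract does not define them. Assumptions: all domains, list entries, RTT samples, hit counts and training rows are constructed, the feature scaling is a choice made here, and the data encodes the common fast-flux expectation of widely varying RTTs and few search hits.

```python
import heapq
import math
from collections import Counter
from statistics import pstdev

# Constructed lists and training rows; none of these values come from the paper.
DENYLIST = {"denied.example"}
SAFELIST = {"trusted.example"}
# (SDRTT in ms, Average Google Hits, label)
TRAINING = [
    (2.1, 5_000_000, "benign"), (4.0, 800_000, "benign"),
    (1.2, 12_000_000, "benign"), (6.5, 150_000, "benign"),
    (85.0, 12, "botnet"), (120.3, 0, "botnet"),
    (64.7, 150, "botnet"), (98.2, 40, "botnet"),
]


def raw_features(sdrtt_ms, agh):
    # Log-compress hit counts so they do not swamp the RTT axis (assumption).
    return (sdrtt_ms, math.log10(1 + agh))


def fit_scaler(rows):
    """Return a min-max scaler fitted on the training feature vectors."""
    lo = [min(col) for col in zip(*rows)]
    hi = [max(col) for col in zip(*rows)]

    def scale(vec):
        return tuple((x - l) / (h - l) if h > l else 0.0
                     for x, l, h in zip(vec, lo, hi))
    return scale


def build_kdtree(points, depth=0):
    """points: list of (vector, label); split at the median on alternating axes."""
    if not points:
        return None
    axis = depth % len(points[0][0])
    points = sorted(points, key=lambda p: p[0][axis])
    mid = len(points) // 2
    return {"point": points[mid], "axis": axis,
            "left": build_kdtree(points[:mid], depth + 1),
            "right": build_kdtree(points[mid + 1:], depth + 1)}


def _search(node, query, k, best):
    # best is a max-heap (negated distances) holding the k closest points so far.
    if node is None:
        return
    vec, label = node["point"]
    dist = math.dist(vec, query)
    if len(best) < k:
        heapq.heappush(best, (-dist, label))
    elif dist < -best[0][0]:
        heapq.heapreplace(best, (-dist, label))
    diff = query[node["axis"]] - vec[node["axis"]]
    near, far = ((node["left"], node["right"]) if diff < 0
                 else (node["right"], node["left"]))
    _search(near, query, k, best)
    # Visit the far side only if the splitting plane is within the current radius.
    if len(best) < k or abs(diff) <= -best[0][0]:
        _search(far, query, k, best)


def knn(tree, query, k):
    """Return the k nearest (distance, label) pairs, closest first."""
    best = []
    _search(tree, query, k, best)
    return sorted((-neg, label) for neg, label in best)


SCALE = fit_scaler([raw_features(s, a) for s, a, _ in TRAINING])
TREE = build_kdtree([(SCALE(raw_features(s, a)), lab) for s, a, lab in TRAINING])


def classify(domain, rtts_ms, agh, k=3):
    """Filter stage first; unclassified domains go to the KD-tree KNN detector.

    rtts_ms: one round-trip time per IP address the resolver collected.
    """
    if domain in DENYLIST:
        return ("botnet", "filter")
    if domain in SAFELIST:
        return ("benign", "filter")
    query = SCALE(raw_features(pstdev(rtts_ms), agh))
    votes = Counter(label for _, label in knn(TREE, query, k))
    return (votes.most_common(1)[0][0], "detector")


if __name__ == "__main__":
    print(classify("denied.example", [10.0], 0))
    print(classify("cdn.example", [20, 22, 21, 23], 2_000_000))
    print(classify("flux.example", [15, 240, 90, 310, 45], 3))
```
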


Metadata
Title
Bot-FFX: A Robust and Efficient Framework for Fast Flux Botnet (FFB) Detection
Authors
Femi Emmanuel Ayo
Joseph Bamidele Awotunde
Sakinat Oluwabukonla Folorunso
Ranjit Panigrahi
Amik Garg
Akash Kumar Bhoi
Publication date
02-05-2024
Publisher
Springer US
Published in
Wireless Personal Communications / Issue 2/2024
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI
https://doi.org/10.1007/s11277-024-11119-x
