nach oben

Soft Computing

Erschienen in:

11.05.2020 | Methodologies and Application

DeepBot: a time-based botnet detection with deep learning

verfasst von: Wan-Chen Shi, Hung-Min Sun

Erschienen in: Soft Computing | Ausgabe 21/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Over the decades, as the technology of Internet thrives rapidly, more and more kinds of cyber-attacks are blasting out around the world. Among them, botnet is one of the most noxious attacks which has always been challenging to overcome. The difficulties of botnet detection stem from the various forms of attack since the viruses keep evolving to avoid themselves from being found. Rule-based botnet detection has its shortcoming of detecting dynamically changing features. On the other hand, the more the Internet functionalities are developed, the severer the impacts botnets may cause. In recent years, many network devices have suffered from botnet attacks as the Internet of things technology prospers, which caused great damage in many industries. Consequently, botnet detection has always been a critical issue in computer security field. In this paper, we introduce a method to detect potential botnets by inspecting the behaviors of network traffics from network packets. In the beginning, we sample the given packets by a period of time and extract the behavioral features from a series of packets. By analyzing these features with proposed deep learning models, we can detect the threat of botnets and classify them into different categories.

Vorheriger Artikel Interaction design research based on large data rule mining and blockchain communication technology

Nächster Artikel Design of NEWMA np control chart for monitoring neutrosophic nonconforming items

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Bai S, Kolter JZ, Koltun V (2018) An empirical evaluation of generic convolutional and recurrent networks for sequence modeling. CoRR, vol abs/1803.01271 [Online]. arXiv:1803.01271

Behind the numbers: growth in the Internet of Things (2015). https://cdn.ihs.com/www/pdf/enabling-IOT.pdf

Binkley JR, Singh S (2006) An algorithm for anomaly-based botnet detection. In: Proceedings of the 2nd conference on steps to reducing unwanted traffic on the internet. USENIX Association [Online]. http://dl.acm.org/citation.cfm?id=1251296.1251303

Botnet topology. https://www.researchgate.net/figure/Typical-Client-Server-Botnet-Command-and-Control-Topology_fig1_266209917

Choi H, Lee H, Lee H, Kim H (Oct 2007) Botnet detection by monitoring group activities in DNS traffic. In: 7th IEEE international conference on computer and information technology

Dynamic generation algorithms. https://en.wikipedia.org/wiki/Domain_generation_algorithm

Feily M, Shahrestani A, Ramadass S (2009) A survey of botnet and botnet detection. In: Third international conference on emerging security information, systems and technologies

García S, Grill M, Stiborek J, Zunino A (2014) An empirical comparison of botnet detection methods. Comput Secur 45:100–123. https://doi.org/10.1016/j.cose.2014.05.011CrossRef

Gu G, Perdisci R, Zhang J, Lee W (2008) Botminer: clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: Proceedings of the 17th conference on security symposium, ser. SS’08. USENIX Association [Online]. http://dl.acm.org/citation.cfm?id=1496711.1496721

Hochreiter S (1998) The vanishing gradient problem during learning recurrent neural nets and problem solutions. Int J Uncertain Fuzziness Knowl-Based Syst. https://doi.org/10.1142/S0218488598000094CrossRefMATH

Hochreiter S, Schmidhuber J (1997) Long short-term memory. Neural Comput. https://doi.org/10.1162/neco.1997.9.8.1735CrossRef

Homayoun S, Ahmadzadeh M, Hashemi S, Dehghantanha A, Khayami R (2018) BoTShark: a deep learning approach for botnet traffic detection. Springer, Cham, pp 137–153

Jain LC, Medsker LR (1999) Recurrent neural networks: design and applications, 1st edn. CRC Press Inc, Boca Raton

Karasaridis A, Rexroad B, Hoeflin D (2007) Wide-scale botnet detection and characterization. In: Proceedings of the first conference on first workshop on hot topics in understanding botnets. USENIX Association [Online]. http://dl.acm.org/citation.cfm?id=1323128.1323135

Mikolov T, Karafiat M, Burget L, Cernocky J, Khudanpur S (2010) Recurrent neural network based language model. In: International speech communication association, pp 1045–1048

Pysahrk. https://kiminewt.github.io/pyshark/

Siboni S, Cohen A (2014) Botnet identification via universal anomaly detection. In: 2014 IEEE international workshop on information forensics and security (WIFS), pp 101–106

Smominru (2018). https://www.cyber.nj.gov/threat-profiles/botnet-variants/smominru

Snort (2016). https://www.snort.org/

Srivastava N, Hinton G, Krizhevsky A, Sutskever I, Salakhutdinov R (2014) Dropout: a simple way to prevent neural networks from overfitting. J Mach Learn Res 15(1):1929–1958. http://dl.acm.org/citation.cfm?id=2627435.2670313

Sutskever I, Martens J, Hinton G (2011)Generating text with recurrent neural networks. In: Proceedings of the 28th international conference on machine learning (ICML-11), pp 1017–1024

Sutskever I, Vinyals O, Le QV (2014) Sequence to sequence learning with neural networks. In: Advances in neural information processing systems 27(NIPS 2014), pp 3104–1112

Tran D, Mac H, Tong VT, Tran HA, Nguyen LG (2018) A LSTM based framework for handling multiclass imbalance in dga botnet detection. Neurocomputing 275:2401–2413 CrossRef

Tshark. https://www.wireshark.org/docs/man-pages/tshark.html

Villamarin-Salomon R, Brustoloni JC (2008) Identifying botnets using anomaly detection techniques applied to DNS traffic. In: 2008 5th IEEE consumer communications and networking conference, pp 476–481

Vinayakumar R, Soman K, Poornachandran P, Alazab M, Jolfaei A (2019) DBD: deep learning dga-based botnet detection. In: Deep learning applications for cyber security. Springer, Cham, Switzerland, 2019, pp 127–149

Wang W, Zhu M, Zeng X, Ye X, Shengand Y (2017) Malware traffic classification using convolutional neural network for representation learning. In: 2017 International conference on information networking

Wikipedia: Mirai. https://en.wikipedia.org/wiki/Mirai_(malware)

Wikipedia: Softmax function. https://en.wikipedia.org/wiki/Softmax_function

Xu K, Ba J, Kiros R, Cho K, Courville A, Salakhutdinov R, Zemel R, Bengio Y (2015) Show, attend and tell: neural image caption generation with visual attention. In: Proceedings of the 32nd international conference on machine learning, vol 37

Ziv J, Lempel A (978) Compression of individual sequences via variable-rate coding. In: 1978 IEEE transactions on information theory, pp 530–536

Titel: DeepBot: a time-based botnet detection with deep learning
verfasst von: Wan-Chen Shi
Hung-Min Sun
Publikationsdatum: 11.05.2020
Verlag: Springer Berlin Heidelberg
Erschienen in: Soft Computing / Ausgabe 21/2020
Print ISSN: 1432-7643
Elektronische ISSN: 1433-7479
DOI: https://doi.org/10.1007/s00500-020-04963-z

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 21/2020

Automatic detection and classification of EEG artifacts using fuzzy kernel SVM and wavelet ICA (WICA)

Design of NEWMA np control chart for monitoring neutrosophic nonconforming items

Optimal trade-off between sample size, precision of supervision, and selection probabilities for the unbalanced fixed effects panel data model

Fuzzy structural element method for solving fuzzy dual medium seepage model in reservoir

Towards a general class of parametric probability weighting functions

Granular matrix method of attribute reduction in formal contexts

Premium Partner