
2018 | OriginalPaper | Book chapter

Towards Developing Network Forensic Mechanism for Botnet Activities in the IoT Based on Machine Learning Techniques

Authors: Nickolaos Koroniotis, Nour Moustafa, Elena Sitnikova, Jill Slay

Published in: Mobile Networks and Management

Publisher: Springer International Publishing


Abstract

The IoT is a network of interconnected everyday objects called “things” that have been augmented with a small measure of computing capabilities. Lately, the IoT has been affected by a variety of different botnet activities. Although botnets have caused serious security risks and financial damage over the years, existing network forensic techniques cannot identify and track the current sophisticated methods of botnets. This is because commercial tools mainly depend on signature-based approaches that cannot discover new forms of botnet. In the literature, several studies have applied Machine Learning (ML) techniques to train and validate a model for defining such attacks, but they still produce high false alarm rates and face the challenge of investigating the tracks of botnets. This paper investigates the role of ML techniques in developing a network forensic mechanism based on network flow identifiers that can track suspicious activities of botnets. The experimental results using the UNSW-NB15 dataset revealed that ML techniques with flow identifiers can effectively and efficiently detect botnets’ attacks and their tracks.


Metadata
Title
Towards Developing Network Forensic Mechanism for Botnet Activities in the IoT Based on Machine Learning Techniques
Authors
Nickolaos Koroniotis
Nour Moustafa
Elena Sitnikova
Jill Slay
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-90775-8_3