Botnet behaviour analysis: How would a data analytics-based system with minimum a priori information perform?
- Dalhousie Univ., Halifax, NS (Canada). Faculty of Computer Science
Botnets, as one of the most aggressive threats, has used different techniques, topologies, and communication protocols in different stages of their lifecycle since 2003. Hence, identifying botnets has become very challenging specifically given that they can upgrade their methodology at any time. Various detection approaches have been proposed by the cyber-security researchers, focusing on different aspects of these threats. In this work, 5 different botnet detection approaches are investigated. These systems are selected based on the technique used and type of data used where 2 are public rule–based systems (BotHunter and Snort) and the other 3 use machine learning algorithm with different feature extraction methods (packet payload based and traffic flow based). On the other hand, 4 of these systems are based on a priori knowledge while one is using minimum a priori information. The objective here is to evaluate the effectiveness of these approaches under different scenarios (eg, multi-botnet and single-botnet classifications) as well as exploring how a system with minimum a priori information would perform. The goal is to investigate if a system with minimum a priori information could result in a competitive performance compared to systems using a priori knowledge. The evaluation is shown on 24 publicly available botnet data sets. Results indicate that a machine learning–based system with minimum a priori information not only achieves a very high performance but also generalizes much better than the other systems evaluated on a wide range of botnet structures (from centralized to decentralized botnets).
- Research Organization:
- Lawrence Berkeley National Laboratory (LBNL), Berkeley, CA (United States). National Energy Research Scientific Computing Center (NERSC)
- Sponsoring Organization:
- USDOE
- OSTI ID:
- 1543482
- Journal Information:
- International Journal of Network Management, Vol. 27, Issue 4; ISSN 1055-7148
- Country of Publication:
- United States
- Language:
- English
Web of Science
Botnet detection based on network flow summary and deep learning
|
journal | July 2018 |
Deep learning to detect botnet via network flow summaries
|
journal | July 2018 |
A novel network virtualization based on data analytics in connected environment
|
journal | October 2018 |
An Adaptive Multi-Layer Botnet Detection Technique Using Machine Learning Classifiers
|
journal | June 2019 |
Similar Records
Detecting Peer-to-Peer Botnets in SCADA Systems
P2P-based botnets: structural analysis, monitoring, and mitigation