Chun Long, Xisheng Xiao, Wei Wan, Jing Zhao, Jinxia Wei, Guanyao Du
{"title":"Botnet Detection Based on Flow Summary and Graph Sampling with Machine Learning","authors":"Chun Long, Xisheng Xiao, Wei Wan, Jing Zhao, Jinxia Wei, Guanyao Du","doi":"10.1109/ICCEA53728.2021.00068","DOIUrl":null,"url":null,"abstract":"With the development of botnets, detecting and preventing botnet attacks has become an important task of network security research. Existing works rarely consider timing patterns in botnets, and thus are not effective in realistic botnet detection, nor can they detect unknown botnets. To deal with these problems, this paper proposes a flow summary and graph sampling based botnet detection method using machine learning algorithms. Firstly, the network flow data is aggregated according to the source host IPs, and the flow summary records are generated within a duration of time window. Meanwhile, we use graph sampling technology to obtain a subset of entire graph, obtaining 4 graph features which are added to the flow summary records. Afterwards, decision tree, random forest and XGBoost machine learning classification models are built to validate the performance of our method. The experimental results on the Bot- IoT and CTU-13 datasets show that the method we proposed can effectively detect botnet traffic and unknown botnets.","PeriodicalId":325790,"journal":{"name":"2021 International Conference on Computer Engineering and Application (ICCEA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Computer Engineering and Application (ICCEA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCEA53728.2021.00068","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
With the development of botnets, detecting and preventing botnet attacks has become an important task of network security research. Existing works rarely consider timing patterns in botnets, and thus are not effective in realistic botnet detection, nor can they detect unknown botnets. To deal with these problems, this paper proposes a flow summary and graph sampling based botnet detection method using machine learning algorithms. Firstly, the network flow data is aggregated according to the source host IPs, and the flow summary records are generated within a duration of time window. Meanwhile, we use graph sampling technology to obtain a subset of entire graph, obtaining 4 graph features which are added to the flow summary records. Afterwards, decision tree, random forest and XGBoost machine learning classification models are built to validate the performance of our method. The experimental results on the Bot- IoT and CTU-13 datasets show that the method we proposed can effectively detect botnet traffic and unknown botnets.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
