{"title":"Botnet detection based on Markov chain and Fuzzy rough set","authors":"Aziz Ezzatneshan","doi":"10.52783/pst.390","DOIUrl":null,"url":null,"abstract":"Botnets now make up a wide range of cyber-attacks, which are a network of infected computers connected to the Internet, with remote control. So far, a lot of research has been done in this field, the proposed methods are based on the signatures of discovered botnets, anomalies, traffic behavior, and addresses. Each method has both advantages and disadvantages. This research proposes a structure for performing identification operations, which is presented in this research based on the Markov chain and is based on behavioral analysis. A disadvantage of the past methods is the inability to receive network information at a very high speed. In this research, it has tried using a solution to receive traffic at a very high speed of about 40 Gbps and analyze it. To be able to perform the analysis with a lower overhead. The proposed method can investigate the behavior of botnets by examining the area of behavior better than the previous solutions, and as a result, during the solutions used by botnets to hide their behavior, it can counter and identify suspicious flows. The accuracy of the proposed method was found to be 96.170%.\nDOI: https://doi.org/10.52783/pst.390","PeriodicalId":20420,"journal":{"name":"电网技术","volume":"68 46","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-05-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"电网技术","FirstCategoryId":"1087","ListUrlMain":"https://doi.org/10.52783/pst.390","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Engineering","Score":null,"Total":0}
Citation count: 0
Abstract
Botnets, networks of infected computers connected to the Internet and controlled remotely, now account for a wide range of cyber-attacks. Much research has been done in this field; the proposed methods are based on the signatures of discovered botnets, anomalies, traffic behavior, and addresses. Each method has both advantages and disadvantages. This research proposes a structure for botnet identification that is based on the Markov chain and on behavioral analysis. A disadvantage of past methods is their inability to receive network information at very high speed. This research attempts to use a solution that receives traffic at a very high speed of about 40 Gbps and analyzes it, so that the analysis can be performed with lower overhead. By examining the area of behavior, the proposed method can investigate the behavior of botnets better than previous solutions and, as a result, can counter the techniques botnets use to hide their behavior and identify suspicious flows. The accuracy of the proposed method was found to be 96.170%.
DOI: https://doi.org/10.52783/pst.390
About the journal:
"Power System Technology" (monthly) was founded in 1957. It is a comprehensive academic journal in the field of energy and power, supervised and sponsored by the State Grid Corporation of China. It is published by the Power System Technology Magazine Co., Ltd. of the China Electric Power Research Institute. It is publicly distributed at home and abroad and is included in 12 famous domestic and foreign literature databases such as the Engineering Index (EI) and the National Chinese Core Journals.
The purpose of "Power System Technology" is to serve the national innovation-driven development strategy, promote scientific and technological progress in China's energy and power fields, and promote the application of new technologies and new products. For many years, "Power System Technology" has adhered to the publishing principle of combining "theoretical innovation with applied practice", and the scope of manuscript selection covers the fields of power generation, transmission, distribution, and electricity consumption.