{"title":"Botnet detection based on Markov chain and Fuzzy rough set","authors":"Aziz Ezzatneshan","doi":"10.52783/pst.390","DOIUrl":null,"url":null,"abstract":"Botnets now make up a wide range of cyber-attacks, which are a network of infected computers connected to the Internet, with remote control. So far, a lot of research has been done in this field, the proposed methods are based on the signatures of discovered botnets, anomalies, traffic behavior, and addresses. Each method has both advantages and disadvantages. This research proposes a structure for performing identification operations, which is presented in this research based on the Markov chain and is based on behavioral analysis. A disadvantage of the past methods is the inability to receive network information at a very high speed. In this research, it has tried using a solution to receive traffic at a very high speed of about 40 Gbps and analyze it. To be able to perform the analysis with a lower overhead. The proposed method can investigate the behavior of botnets by examining the area of behavior better than the previous solutions, and as a result, during the solutions used by botnets to hide their behavior, it can counter and identify suspicious flows. The accuracy of the proposed method was found to be 96.170%.\nDOI: https://doi.org/10.52783/pst.390","PeriodicalId":20420,"journal":{"name":"Power system technology","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-05-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Power system technology","FirstCategoryId":"1087","ListUrlMain":"https://doi.org/10.52783/pst.390","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"Engineering","Score":null,"Total":0}
引用次数: 0
Abstract
Botnets now make up a wide range of cyber-attacks, which are a network of infected computers connected to the Internet, with remote control. So far, a lot of research has been done in this field, the proposed methods are based on the signatures of discovered botnets, anomalies, traffic behavior, and addresses. Each method has both advantages and disadvantages. This research proposes a structure for performing identification operations, which is presented in this research based on the Markov chain and is based on behavioral analysis. A disadvantage of the past methods is the inability to receive network information at a very high speed. In this research, it has tried using a solution to receive traffic at a very high speed of about 40 Gbps and analyze it. To be able to perform the analysis with a lower overhead. The proposed method can investigate the behavior of botnets by examining the area of behavior better than the previous solutions, and as a result, during the solutions used by botnets to hide their behavior, it can counter and identify suspicious flows. The accuracy of the proposed method was found to be 96.170%.
DOI: https://doi.org/10.52783/pst.390
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
