Exposing Bot Attacks Using Machine Learning and Flow Level Analysis
Rana M. Faek, Mohammad Al-Fawa'reh, Mustafa A. Al-Fayoumi
DOI: https://doi.org/10.1145/3460620.3460739
Journal: Data (JCR Q3, Computer Science, Information Systems); Journal Article, published 2021-04-05
Citations: 3
Abstract
Botnets represent a major threat to Internet security and have continuously grown in scale and complexity. Command-and-control (C&C) servers send commands to bots, which execute them to carry out attacks such as distributed denial-of-service (DDoS), spam campaigns, or scanning from compromised hosts. Detecting volumetric attacks in large and complex networks requires an efficient mechanism. Botnet behavior should be analyzed in order to protect the network from attack, and preventive measures should be implemented in time. Anomaly-based botnet tracking strategies are more efficient than signature-based ones: because they rely on anomalies rather than pre-constructed botnet signatures, they can detect new or previously unidentified botnets. In this paper we use NetFlow records and machine learning algorithms to improve the detection process of intrusion detection systems, evaluated on a novel dataset. We implemented a number of algorithms in our lightweight model and show that Random Forest achieves the highest accuracy among the algorithms used.