Pub Date: 2019-11-01 DOI: 10.1109/MILCOM47813.2019.9021084
Yujung Roh, Seungjae Jung, Joonhyuk Kang
An unmanned aerial vehicle (UAV)-aided network is becoming a promising application for the future wireless communication due to the flexible deployment and dominant line-of-sight channel. In this paper, we consider the UAV is operated as a cooperative jammer to enhance the physical layer security of the ground legitimated nodes in the presence of an eavesdropper (Eve). Furthermore, we assume that the UAV has imperfect information on the locations of the receiver and Eve due to GPS jamming and covert operation of Eve, respectively. With these uncertainties of the nodes' locations, we formulate a robust joint optimization problem of the UAV's jamming power and trajectory to maximize the average secrecy rate. To handle the non-convexity of the optimization problem, we propose an iterative suboptimal algorithm based on the block coordinate descent method. Simulation results present that the proposed algorithm has outstanding performance in terms of physical layer security compared to other benchmark methods.
Title: Cooperative UAV Jammer for Enhancing Physical Layer Security: Robust Design for Jamming Power and Trajectory
Published in: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Pub Date: 2019-11-01 DOI: 10.1109/MILCOM47813.2019.9020807
D. Adesina, J. Bassey, Lijun Qian
In future wireless systems, intelligent capabilities are of utmost importance. To efficiently utilize resources, communication systems require knowledge of the prevalent situation in a frequency band through learning. To learn appropriately, it is critical for practitioners to select the right parameters in building learning models, use the appropriate algorithms and performance evaluation methods. In this paper, we evaluate the performance of some deep learning models compared to other machine learning methods, explore the different scenarios in which deep learning can be used for radio frequency (RF) monitoring, and evaluate performance in the various scenarios. Our work looks at the best practices and procedures for developing intelligent RF Learning. Specifically, we analysed over-the-air RF dataset collected from a USRP-based testbed to identify the number of interfering devices as a case study. From the obtained results, we discuss how Signal-to-Noise Ratio (SNR) selection for training affects the model performance as it relates to practical implementation of Deep Learning in communications systems.
Title: Practical Radio Frequency Learning for Future Wireless Communication Systems
Published in: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Pub Date: 2019-11-01 DOI: 10.1109/MILCOM47813.2019.9020774
Ioannis Agadakos, Gabriela F. Cretu-Ciocarlie, Bogdan Copos, M. Emmi, Jemin George, Nandi O. Leslie, James R. Michaelis
Continued advances in IoT technology have prompted new investigation into its usage for military operations, both to augment and complement existing military sensing assets and support next-generation artificial intelligence and machine learning systems. Under the emerging Internet of Battlefield Things (IoBT) paradigm, current operational conditions necessitate the development of novel security techniques, centered on establishment of trust for individual assets and supporting resilience of broader systems. To advance current IoBT efforts, a collection of prior-developed cybersecurity techniques is reviewed for applicability to conditions presented by IoBT operational environments (e.g., diverse asset ownership, degraded networking infrastructure, adversary activities) through use of supporting case study examples. The research techniques covered focus on two themes: (1) Supporting trust assessment for known/unknown IoT assets; (2) ensuring continued trust of known IoT assets and IoBT systems.
Title: Application of Trust Assessment Techniques to IoBT Systems
Published in: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Pub Date: 2019-11-01 DOI: 10.1109/MILCOM47813.2019.9020777
Jongdeog Lee, Suk Min Hwang, T. Abdelzaher, K. Marcus, K. Chan
In an age of data overload and scenarios that require fast-distributed situational understanding, we envision that content summarization services will become a critical capability of underlying networked systems. Previous work, called InfoMax, proposed such a service in the transport layer to minimize semantic redundancy of transmitted content and maximize information coverage. Here, we extended this work in three ways. First, we adapted summarization to the needs of streaming content and developed a corresponding publish-subscribe protocol (called Pub/Sub-Sum) with on-the-fly extractive summarization of continuous content streams (as opposed to extractive summarization of fixed data sets). Next, we supported many-to-many communication between publishers and subscribers, as opposed to InfoMax, which was designed to disseminate data from one producer to multiple consumers. Lastly, we introduce a new type of congestion handling mechanism that adaptively controls the level of summarization by considering available network bandwidth. We conducted experiments for functionality and performance on Mininet (a network emulator) and on a real device testbed. Evaluation results indicated that the new protocol summarizes data appropriately to available network resources, offering an improved compromise between received data quality and resource consumption.
Title: Pub/Sub-Sum: A Content Summarization Pub/Sub Protocol for Information-Centric Networks
Published in: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Pub Date: 2019-11-01 DOI: 10.1109/MILCOM47813.2019.9020863
R. Lopes, Pooja Hanavadi Balaraju, Adrián Toribio Silva, Paulo H. L. Rettore, P. Sevenich
In this paper, we discuss experimental results testing a hierarchy of queues controlling the user data-flow over a VHF network with ever-changing data rates (up to 9.6 kbps). We challenged our solution creating three patterns of ever-changing data rates using a stochastic model to include the element of chance (randomness) that can be reproduced for quantitative comparisons. We discuss numbers showing that our queuing mechanism adapts its behavior (i.e. shaping the user data-flow) to the network conditions using feedback from the radio buffer (reactive) and from the routing protocol (proactive). Thus, our hybrid solution monitors the radio buffer occupancy to pause the transmission when a threshold is crossed, and proactively adds an inter-packet interval (IPI). The IPI varies as a function of the link data rate (computed by a tactical router), current network usage, packet loss and latency. The experimental results show three queues (for messages, IP packets and the radio buffer) complementing each other to handle different network conditions while transmitting a message that surely overflows the radio buffer (four times the buffer size).
Title: Experiments with a Queuing Mechanism over Ever-Changing Data Rates in a VHF Network
Published in: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Pub Date: 2019-11-01 DOI: 10.1109/MILCOM47813.2019.9020935
Srijita Mukherjee, K. Namuduri
Flocking and deconfliction are two important functional aspects of swarms. Flocking in Unmanned Aerial Vehicle (UAV) swarms refers to UAVs flying in a pattern whereas deconfliction refers to collision avoidance. Flocking enables communications and information sharing among neighbors. This paper presents a distributed model and establishes the necessary control laws for joint flocking and deconfliction. The proposed model and control laws are developed based on the principles of consensus-building and social potential functions. Experiments with promising results are presented to support the derived model.
Title: Joint Flocking and Deconfliction in Unmanned Aerial Vehicle Swarms
Published in: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Pub Date: 2019-11-01 DOI: 10.1109/MILCOM47813.2019.9020977
Liangdong Deng, Yuzhou Feng, Dong Chen, N. Rishe
The Internet of Things (IoT) has been erupting the world widely over the decade. Smart home owners and smart building managers are increasingly deploying IoT devices to monitor and control their environments due to the rapid decline in the price of IoT devices. The network traffic data produced by these IoT devices are collected by Internet Service Providers (ISPs) and telecom providers, and often shared with third-parties to maintain and promote user services. Such network traffic data is considered “anonymous” if it is not associated with identifying device information, e.g., MAC address and DHCP negotiation. Extensive prior work has shown that IoT devices are vulnerable to multiple cyber attacks. However, people do not believe that these attacks can be launched successfully without the knowledge of what IoT devices are deployed in their houses. Our key insight is that the network traffic data is not anonymous: IoT devices have unique network traffic patterns, and they embedded detailed device information. To explore the severity and extent of this privacy threat, we design IoTSpot to identify the IoT devices using their “anonymous” network traffic data. We evaluate IoTSpot on publicly-available network traffic data from 3 homes. We find that IoTSpot is able to identify 19 IoT devices with F1 accuracy of 0.984. More importantly, our approach only requires very limited data for training, as few as 40 minutes. IoTSpot paves the way for operators of smart homes and smart buildings to monitor the functionality, security and privacy threat without requiring any additional devices.
Title: IoTSpot: Identifying the IoT Devices Using their Anonymous Network Traffic Data
Published in: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Pub Date: 2019-11-01 DOI: 10.1109/MILCOM47813.2019.9020925
S. Russell, T. Abdelzaher, Niranjan Suri
This paper reviews the definitions and characteristics of military effects, the Internet of Battlefield Things (IoBT), and their impact on decision processes in a Multi-Domain Operating environment (MDO). The aspects of contemporary military decision-processes are illustrated and an MDO Effect Loop decision process is introduced. We examine the concept of IoBT effects and their implications in MDO. These implications suggest that when considering the concept of MDO, as a doctrine, the technological advances of IoBTs empower enhancements in decision frameworks and increase the viability of novel operational approaches and options for military effects.
Title: Multi-Domain Effects and the Internet of Battlefield Things
Published in: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Pub Date: 2019-11-01 DOI: 10.1109/MILCOM47813.2019.9020783
J. Pendergrass, Nathan Hull, John Clemens, S. Helble, M. Thober, K. McGill, Machon B. Gregory, Peter Loscocco
Userspace integrity is a necessary and often-overlooked component of overall system integrity. We present the concept of userspace integrity measurement to validate the state of the system against a set of carefully chosen invariants based on the expected behavior of userspace and key behaviors of advanced malware. Userspace integrity measurement may be combined with existing filesystem and kernel integrity measurement approaches to both provide stronger guarantees that a platform is executing the expected software and that the software is in an expected state. We also introduce the Userspace Integrity Measurement (USIM) Toolkit, a preliminary set of integrity measurement tools to detect advanced malware threats, such as memory-only implants, that evade traditional defenses.
Title: Runtime Detection of Userspace Implants
Published in: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)
Botnets have been a major area of concern in the field of cybersecurity. There have been a lot of research works for detection of botnets. However, everyday cybercriminals are coming up with new ideas to counter the well-known detection methods. One such popular method is domain flux-based botnets in which a large number of domain names are produced using domain generation algorithm. In this paper, we have proposed a robust way of detecting DGA-based botnets using few novel features covering both syntactic and semantic viewpoints. We have used Area under ROC curve as our performance metric since it provides comprehensive information about the performance of binary classifiers at various thresholds. Results show that our approach performs significantly better than the baseline approach. Our proposed method can help in detecting established DGA bots (equipped with extensive features) as well as prospective advanced DGA bots imitating real-world domain names.
Title: Domain Flux-based DGA Botnet Detection Using Feedforward Neural Network
Authors: Md. Ishtiaq Ashiq, Protick Bhowmick, Md. Shohrab Hossain, Husnu S. Narman
Pub Date: 2019-11-01 DOI: 10.1109/MILCOM47813.2019.9020730
Published in: MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM)