Framework for Zombie Detection Using Neural Networks

P. Salvador, A. Nogueira, Ulisses França, R. Valadas
DOI: 10.1109/ICIMP.2009.10
Venue: 2009 Fourth International Conference on Internet Monitoring and Protection
Published: 2009-05-24
Source: Semantic Scholar
Citations: 33

Abstract

One of the most important threats to personal and corporate Internet security is the proliferation of Zombie PCs operating as an organized network. Zombie detection is currently performed at the host level and/or network level, but these options have some important drawbacks: antivirus, anti-spyware and personal firewalls are ineffective in the detection of hosts that are compromised via new or target-specific malicious software, while network firewalls and Intrusion Detection Systems were developed to protect the network from external attacks but were not designed to detect and protect against vulnerabilities that are already present inside the local area network. This paper presents a new approach, based on neural networks, that is able to detect Zombie PCs based on the historical traffic profiles presented by "licit" and "illicit" network applications. The evaluation of the proposed methodology relies on traffic traces obtained in a controlled environment and composed of licit traffic measured from the normal activity of network applications and malicious traffic synthetically generated using the SubSeven backdoor. The results obtained show that the proposed methodology is able to achieve good identification results, while at the same time being computationally efficient and easy to deploy in real network scenarios.