P. Salvador, A. Nogueira, Ulisses França, R. Valadas
{"title":"基于神经网络的僵尸检测框架","authors":"P. Salvador, A. Nogueira, Ulisses França, R. Valadas","doi":"10.1109/ICIMP.2009.10","DOIUrl":null,"url":null,"abstract":"One of the most important threats to personal and corporate Internet security is the proliferation of Zombie PCs operating as an organized network. Zombie detection is currently performed at the host level and/or network level, but these options have some important drawbacks: antivirus, anti-spyware and personal firewalls are ineffective in the detection of hosts that are compromised via new or target-specific malicious software, while network firewalls and Intrusion Detection Systems were developed to protect the network from external attacks but they were not designed to detect and protect against vulnerabilities that are already present inside the local area network. This paper presents a new approach, based on neural networks, that is able to detect Zombie PCs based on the historical traffic profiles presented by \"licit\" and \"illicit\" network applications. The evaluation of the proposed methodology relies on traffic traces obtained in a controlled environment and composed by licit traffic measured from normal activity of network applications and malicious traffic synthetically generated using the SubSeven backdoor. The results obtained show that the proposed methodology is able to achieve good identification results, being at the same time computationally efficient and easy to deploy in real network scenarios.","PeriodicalId":165157,"journal":{"name":"2009 Fourth International Conference on Internet Monitoring and Protection","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-05-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"33","resultStr":"{\"title\":\"Framework for Zombie Detection Using Neural Networks\",\"authors\":\"P. Salvador, A. Nogueira, Ulisses França, R. Valadas\",\"doi\":\"10.1109/ICIMP.2009.10\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"One of the most important threats to personal and corporate Internet security is the proliferation of Zombie PCs operating as an organized network. Zombie detection is currently performed at the host level and/or network level, but these options have some important drawbacks: antivirus, anti-spyware and personal firewalls are ineffective in the detection of hosts that are compromised via new or target-specific malicious software, while network firewalls and Intrusion Detection Systems were developed to protect the network from external attacks but they were not designed to detect and protect against vulnerabilities that are already present inside the local area network. This paper presents a new approach, based on neural networks, that is able to detect Zombie PCs based on the historical traffic profiles presented by \\\"licit\\\" and \\\"illicit\\\" network applications. The evaluation of the proposed methodology relies on traffic traces obtained in a controlled environment and composed by licit traffic measured from normal activity of network applications and malicious traffic synthetically generated using the SubSeven backdoor. The results obtained show that the proposed methodology is able to achieve good identification results, being at the same time computationally efficient and easy to deploy in real network scenarios.\",\"PeriodicalId\":165157,\"journal\":{\"name\":\"2009 Fourth International Conference on Internet Monitoring and Protection\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-05-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"33\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 Fourth International Conference on Internet Monitoring and Protection\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICIMP.2009.10\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 Fourth International Conference on Internet Monitoring and Protection","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIMP.2009.10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Framework for Zombie Detection Using Neural Networks
One of the most important threats to personal and corporate Internet security is the proliferation of Zombie PCs operating as an organized network. Zombie detection is currently performed at the host level and/or network level, but these options have some important drawbacks: antivirus, anti-spyware and personal firewalls are ineffective in the detection of hosts that are compromised via new or target-specific malicious software, while network firewalls and Intrusion Detection Systems were developed to protect the network from external attacks but they were not designed to detect and protect against vulnerabilities that are already present inside the local area network. This paper presents a new approach, based on neural networks, that is able to detect Zombie PCs based on the historical traffic profiles presented by "licit" and "illicit" network applications. The evaluation of the proposed methodology relies on traffic traces obtained in a controlled environment and composed by licit traffic measured from normal activity of network applications and malicious traffic synthetically generated using the SubSeven backdoor. The results obtained show that the proposed methodology is able to achieve good identification results, being at the same time computationally efficient and easy to deploy in real network scenarios.