如何从不同的僵尸网络检测系统中进行选择?

NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium Pub Date : 2016-07-04 DOI:10.1109/NOMS.2016.7502964

Fariba Haddadi, Duong-Tien Phan, A. N. Zincir-Heywood

{"title":"如何从不同的僵尸网络检测系统中进行选择?","authors":"Fariba Haddadi, Duong-Tien Phan, A. N. Zincir-Heywood","doi":"10.1109/NOMS.2016.7502964","DOIUrl":null,"url":null,"abstract":"Given that botnets represent one of the most aggressive threats against cybersecurity, various detection approaches have been studied. However, whichever approach is used, the evolving nature of botnets and the required pre-defined botnet detection rule sets employed may affect the performance of detection systems. In this work, we explore the effectiveness two rule based systems and two machine learning (ML) based techniques with different feature extraction methods (packet payload based and traffic flow based). The performance of these detection systems range from 0% to 100% on thirteen public botnet data sets (i.e. CTU-13). We further analyze the performances of these systems in order to understand which type of a detection system is more effective for which type of an application.","PeriodicalId":344879,"journal":{"name":"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium","volume":"64 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"How to choose from different botnet detection systems?\",\"authors\":\"Fariba Haddadi, Duong-Tien Phan, A. N. Zincir-Heywood\",\"doi\":\"10.1109/NOMS.2016.7502964\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Given that botnets represent one of the most aggressive threats against cybersecurity, various detection approaches have been studied. However, whichever approach is used, the evolving nature of botnets and the required pre-defined botnet detection rule sets employed may affect the performance of detection systems. In this work, we explore the effectiveness two rule based systems and two machine learning (ML) based techniques with different feature extraction methods (packet payload based and traffic flow based). The performance of these detection systems range from 0% to 100% on thirteen public botnet data sets (i.e. CTU-13). We further analyze the performances of these systems in order to understand which type of a detection system is more effective for which type of an application.\",\"PeriodicalId\":344879,\"journal\":{\"name\":\"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium\",\"volume\":\"64 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-07-04\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NOMS.2016.7502964\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NOMS.2016.7502964","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

摘要

鉴于僵尸网络是对网络安全最具侵略性的威胁之一，人们研究了各种检测方法。然而，无论采用哪种方法，僵尸网络的演变性质和所需的预定义僵尸网络检测规则集可能会影响检测系统的性能。在这项工作中，我们探索了两种基于规则的系统和两种基于机器学习(ML)的技术的有效性，这些技术具有不同的特征提取方法(基于数据包有效载荷和基于流量)。这些检测系统在13个公共僵尸网络数据集(即CTU-13)上的性能从0%到100%不等。我们进一步分析了这些系统的性能，以便了解哪种类型的检测系统对哪种类型的应用程序更有效。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

How to choose from different botnet detection systems?

Given that botnets represent one of the most aggressive threats against cybersecurity, various detection approaches have been studied. However, whichever approach is used, the evolving nature of botnets and the required pre-defined botnet detection rule sets employed may affect the performance of detection systems. In this work, we explore the effectiveness two rule based systems and two machine learning (ML) based techniques with different feature extraction methods (packet payload based and traffic flow based). The performance of these detection systems range from 0% to 100% on thirteen public botnet data sets (i.e. CTU-13). We further analyze the performances of these systems in order to understand which type of a detection system is more effective for which type of an application.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium

自引率

0.00%

发文量

期刊最新文献

PIoT: Programmable IoT using Information Centric Networking Workload interleaving with performance guarantees in data centers Outsourced invoice service: Service-clearing as SaaS in mobility service marketplaces Dynamic load management for IMS networks using network function virtualization On-demand dynamic network service deployment over NaaS architecture