Rana M. Faek, Mohammad Al-Fawa'reh, Mustafa A. Al-Fayoumi
Venue: Data. Publication date: 2021-04-05. Publication type: Journal Article. DOI: 10.1145/3460620.3460739 (https://doi.org/10.1145/3460620.3460739)
Exposing Bot Attacks Using Machine Learning and Flow Level Analysis
Botnets represent a major threat to Internet security and have continuously grown in scale and complexity. Command-and-control (C&C) servers send commands to bots, which execute them, thereby carrying out attacks such as distributed denial-of-service (DDoS), spam campaigns, or the scanning of compromised hosts. The detection of volumetric attacks in large and complex networks requires an efficient mechanism. Botnet behavior should be analyzed in order to protect the network from attack, and preventive measures should be implemented in time. Anomaly-based botnet tracking strategies are more efficient than signature-based ones: because they rely on anomalies and do not need pre-constructed botnet signatures, they can detect new or unidentified botnets. In this paper, we use NetFlow and machine learning algorithms to improve the detection process for intrusion detection algorithms with a novel dataset. We implemented a number of algorithms in our lightweight model to show that Random Forests achieve the highest accuracy among the algorithms used.