Botnet detection based on network flow summary and deep learning

2018, Vol 28 (6), pp. e2039
Author(s): Abdurrahman Pektaş, Tankut Acarman

2020, Vol 39 (3), pp. 4785-4801
Author(s): Cho Do Xuan, Mai Hoang Dao, Hoa Dinh Nguyen

Advanced Persistent Threat (APT) attacks are a form of malicious, intentional and clearly targeted attack. This attack technique is growing both in the number of recorded attacks and in the extent of its danger to organizations, businesses and governments. Therefore, detecting and warning of APT attacks in real systems is very necessary today. One of the most effective approaches to APT attack detection is to apply machine learning or deep learning to analyze network traffic. A number of studies have recommended analyzing network traffic into network flows and then combining these with classification or clustering methods to look for signs of APT attacks. In particular, recent studies often apply machine learning algorithms to spot the presence of APT attacks based on network flow. In this paper, a new deep learning-based method to detect APT attacks using network flow is proposed. Accordingly, in our research, network traffic is analyzed into IP-based network flows, then the IP information is reconstructed from the flows, and finally deep learning models are used to extract features that distinguish APT attack IPs from other IPs. Additionally, a combined deep learning model using Bidirectional Long Short-Term Memory (BiLSTM) and Graph Convolutional Networks (GCN) is introduced. The new detection model is evaluated and compared in experiments with some traditional machine learning models, i.e. a Multi-layer perceptron (MLP) and a single GCN model. Experimental results show that the BiLSTM-GCN model has the best performance in all evaluation scores. This not only shows that applying deep learning to network flow analysis to detect APT attacks is a good decision but also suggests a new direction for network intrusion detection techniques based on deep learning.


Author(s): Mehedi Hasan Raj, A. N. M. Asifur Rahman, Umma Habiba Akter, Khayrun Nahar Riya, Anika Tasneem Nijhum, ...

Nowadays, the Internet of Things (IoT) is a familiar term because of its growing number of users. Statistical results show that the number of IoT device users is increasing dramatically, and it will keep increasing in the future. Because of this growing user base, security experts are now concerned about IoT security. In this research, we aim to improve the security of IoT devices, particularly against IoT botnets, by applying various machine learning (ML) techniques. In this paper, we set up an approach to detect IoT device botnets using three one-class classifier ML algorithms: one-class support vector machine (OCSVM), elliptic envelope (EE), and local outlier factor (LOF). Our method is a network flow-based botnet detection technique, and we use the input packet, protocol, source port, destination port, and time as the features of our algorithms. After a number of preprocessing steps, we feed the preprocessed data to our algorithms, which achieve a good precision score of approximately 77–99%. The one-class SVM achieves the best accuracy score, approximately 99% on every dataset, and EE's accuracy score varies from 91% to 98%; however, LOF achieves the lowest accuracy score, from 77% to 99%. Our algorithms are cost-effective and provide good accuracy in a short execution time.


Electronics, 2021, Vol 10 (4), pp. 519
Author(s): Suleiman Y. Yerima, Mohammed K. Alzaylaee, Annette Shajan, Vinod P

Android is increasingly being targeted by malware since it has become the most popular mobile operating system worldwide. Evasive malware families, such as Chamois, designed to turn Android devices into bots that form part of a larger botnet, are becoming prevalent. This calls for more effective methods for the detection of Android botnets. Recently, deep learning has gained attention as a machine learning-based approach to enhance Android botnet detection. However, studies that extensively investigate the efficacy of various deep learning models for Android botnet detection are currently lacking. Hence, in this paper we present a comparative study of deep learning techniques for Android botnet detection using 6802 Android applications, consisting of 1929 botnet applications from the ISCX botnet dataset. We evaluate the performance of several deep learning techniques, including CNN, DNN, LSTM, GRU, CNN-LSTM, and CNN-GRU models, using 342 static features derived from the applications. In our experiments, the deep learning models achieved state-of-the-art results on the ISCX botnet dataset and also outperformed the classical machine learning classifiers.


2018, Vol 31 (11), pp. 8021-8033
Author(s): Abdurrahman Pektaş, Tankut Acarman

Author(s): R. Vinayakumar, K. P. Soman, Prabaharan Poornachandran, Mamoun Alazab, Alireza Jolfaei
