Deep learning to detect botnet via network flow summaries

2018 ◽  
Vol 31 (11) ◽  
pp. 8021-8033 ◽  
Author(s):  
Abdurrahman Pektaş ◽  
Tankut Acarman
Keyword(s):  
Deep Learning ◽  
Network Flow

Botnet detection based on network flow summary and deep learning

2018 ◽  
Vol 28 (6) ◽  
pp. e2039 ◽  
Author(s):  
Abdurrahman Pektaş ◽  
Tankut Acarman
Keyword(s):  
Deep Learning ◽  
Network Flow ◽  
Botnet Detection

APT attack detection based on flow network analysis techniques using deep learning

2020 ◽  
Vol 39 (3) ◽  
pp. 4785-4801
Author(s):  
Cho Do Xuan ◽  
Mai Hoang Dao ◽  
Hoa Dinh Nguyen
Keyword(s):  
Machine Learning ◽  
Deep Learning ◽  
Network Analysis ◽  
Network Traffic ◽  
Network Flow ◽  
Network Flows ◽  
Attack Detection ◽  
Research Network ◽  
Learning Models ◽  
Flow Network

Advanced Persistent Threat (APT) attacks are a form of malicious, intentionally and clearly targeted attack. This attack technique is growing in both the number of recorded attacks and the extent of its dangers to organizations, businesses and governments. Therefore, the task of detecting and warning APT attacks in the real system is very necessary today. One of the most effective approaches to APT attack detection is to apply machine learning or deep learning to analyze network traffic. There have been a number of studies and recommendations to analyze network traffic into network flows and then combine with some classification or clustering methods to look for signs of APT attacks. In particular, recent studies often apply machine learning algorithms to spot the present of APT attacks based on network flow. In this paper, a new method based on deep learning to detect APT attacks using network flow is proposed. Accordingly, in our research, network traffic is analyzed into IP-based network flows, then the IP information is reconstructed from flow, and finally deep learning models are used to extract features for detecting APT attack IPs from other IPs. Additionally, a combined deep learning model using Bidirectional Long Short-Term Memory (BiLSTM) and Graph Convolutional Networks (GCN) is introduced. The new detection model is evaluated and compared with some traditional machine learning models, i.e. Multi-layer perceptron (MLP) and single GCN models, in the experiments. Experimental results show that BiLSTM-GCN model has the best performance in all evaluation scores. This not only shows that deep learning application on flow network analysis to detect APT attacks is a good decision but also suggests a new direction for network intrusion detection techniques based on deep learning.

scholarly journals HỆ THỐNG PHÁT HIỆN TẤN CÔNG BOTNET SỬ DỤNG WEB PROXY VÀ CONVOLUTIONAL NEURAL NETWORK

2020 ◽  
Vol 10 (3) ◽  
pp. 3
Author(s):  
Trần Đắc Tốt ◽  
Phạm Tuấn Khiêm ◽  
Phạm Nguyễn Huy Phương
Keyword(s):  
Neural Network ◽  
Deep Learning ◽  
Convolutional Neural Network ◽  
Network Flow

Botnet đang ngày càng trở thành những mối đe dọa nguy hiểm nhất trong lĩnh vực an ninh mạng, nhiều hướng tiếp cận khác nhau để phát hiện tấn công bằng botnet đã được nghiên cứu. Tuy nhiên, dù bất kì hướng tiếp cận nào được sử dụng, sự tiến hóa về bản chất của botnet cùng tập các quy luật được định nghĩa sẵn để phát hiện ra botnet có thể ảnh hưởng đến hiệu suất của hệ thống phát hiện botnet. Trong bài báo này, chúng tôi đề xuất một họ kiến trúc tổng quát sử dụng thuộc nhóm Convolutional Neural Network để biến đổi từ đặc trưng thô do các công cụ ghi nhận và phân tích network flow cung cấp thành đặc trưng cấp cao hơn, từ đó tiến hành phân lớp (nhị phân) để đánh giá một flow tương ứng với tình trạng bị botnet tấn công hay không. Chúng tôi thử nghiệm trên tập CTU-13 với các cấu hình khác nhau của convolutional neural network để đánh giá tiềm năng dùng deep learning với convolutional neural network vào bài toán phát hiện botnet. Đặc biệt là đề xuất hệ thống phát hiện Botnet sử dụng Web proxy. Đây là một kỹ thuật giúp triển khai hệ thống phát hiện botnet với chi phí thấp mang lại hiệu quả cao.

scholarly journals A Novel Deep Learning Stack for APT Detection

2019 ◽  
Vol 9 (6) ◽  
pp. 1055 ◽  
Author(s):  
Tero Bodström ◽  
Timo Hämäläinen
Keyword(s):  
Deep Learning ◽  
Theoretical Approach ◽  
Network Flow ◽  
Raw Data ◽  
Detection Process ◽  
Advanced Persistent Threat ◽  
Multi Stage ◽  
Different Types ◽  
Near Future ◽  
Entire Network

We present a novel Deep Learning (DL) stack for detecting Advanced Persistent threat (APT) attacks. This model is based on a theoretical approach where an APT is observed as a multi-vector multi-stage attack with a continuous strategic campaign. To capture these attacks, the entire network flow and particularly raw data must be used as an input for the detection process. By combining different types of tailored DL-methods, it is possible to capture certain types of anomalies and behaviour. Our method essentially breaks down a bigger problem into smaller tasks, tries to solve these sequentially and finally returns a conclusive result. This concept paper outlines, for example, the problems and possible solutions for the tasks. Additionally, we describe how we will be developing, implementing and testing the method in the near future.

scholarly journals Predicting Network Flow Characteristics Using Deep Learning and Real-World Network Traffic

2020 ◽  
Vol 17 (4) ◽  
pp. 2662-2676
Author(s):  
Christoph Hardegen ◽  
Benedikt Pfulb ◽  
Sebastian Rieger ◽  
Alexander Gepperth
Keyword(s):  
Deep Learning ◽  
Real World ◽  
Network Traffic ◽  
Network Flow ◽  
Flow Characteristics

Deep Learning Model for Multimedia Quality of Experience Prediction Based on Network Flow Packets

2018 ◽  
Vol 56 (9) ◽  
pp. 110-117 ◽  
Author(s):  
Manuel Lopez-Martin ◽  
Belen Carro ◽  
Jaime Lloret ◽  
Santiago Egea ◽  
Antonio Sanchez-Esguevillas
Keyword(s):  
Deep Learning ◽  
Network Flow ◽  
Quality Of Experience ◽  
Learning Model ◽  
Deep Learning Model
Sign in / Sign up

Export Citation Format

Share Document