Hybrid Botnet Detection Based on Host and Network Analysis

2020 ◽  
Vol 2020 ◽  
pp. 1-16
Author(s):  
Suzan Almutairi ◽  
Saoucene Mahfoudh ◽  
Sultan Almutairi ◽  
Jalal S. Alowibdi

Botnets are among the most dangerous cyber-security threats. A botnet infects unprotected machines and maintains communication with a command and control (C&C) server in order to send and receive malicious commands. Attackers use botnets to launch attacks such as DDoS, phishing, data theft, and spamming. Botnets are usually very large, and millions of infected hosts may belong to a single one. In this paper, we address botnet detection based on network flow records and activity on the host. We propose a general technique capable of detecting new botnets at an early phase. Our technique is implemented on both sides: the host side and the network side. The botnet communication traffic we are interested in includes HTTP, P2P, IRC, and DNS using IP fluxing. The HANABot algorithm is proposed to preprocess the data and extract features that distinguish botnet behavior from legitimate behavior. We evaluate our solution using a collection of real datasets (malicious and legitimate). Our experiments show a high level of accuracy and a low false positive rate. Furthermore, we compare our approach with several existing approaches, focusing on specific features and performance. The proposed technique outperforms some of the presented approaches in terms of accurately detecting botnet flow records within NetFlow traces.
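Two of the network-side signals the abstract names (periodic C2 polling over HTTP/IRC, and DNS IP fluxing) can be extracted from plain flow and DNS records without any payload inspection. The block below is an added illustration, not the HANABot algorithm or any code from the paper; the flow records, DNS answers, thresholds and function names are assumptions constructed for the example, and the host-side features the paper also uses are not shown.

```python
"""Network-side feature extraction for botnet C2 detection (added example).

Not the HANABot implementation.  Shows two features on constructed data:
  * beaconing: a host contacting the same server:port at near-constant
    intervals with near-constant payload sizes (typical of C2 polling);
  * IP fluxing: a domain whose answers rotate through many IPs with short
    TTLs (fast-flux C2 hosting).
All records and thresholds below are assumptions chosen for the sample.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-like records: (epoch_seconds, src, dst, dport, bytes)
FLOWS = [
    # infected host polling a C2 server every ~60 s with ~410-byte requests
    (1000, "10.0.0.5", "203.0.113.9", 80, 412),
    (1061, "10.0.0.5", "203.0.113.9", 80, 410),
    (1120, "10.0.0.5", "203.0.113.9", 80, 415),
    (1181, "10.0.0.5", "203.0.113.9", 80, 409),
    (1240, "10.0.0.5", "203.0.113.9", 80, 411),
    # legitimate browsing: irregular timing, widely varying sizes
    (1005, "10.0.0.7", "198.51.100.2", 443, 15320),
    (1017, "10.0.0.7", "198.51.100.2", 443, 2210),
    (1300, "10.0.0.7", "198.51.100.2", 443, 88100),
    (1420, "10.0.0.7", "198.51.100.2", 443, 940),
    (1425, "10.0.0.7", "198.51.100.2", 443, 7700),
]

# Constructed DNS answer records: (domain, answer_ip, ttl_seconds)
DNS = [
    ("update.example-cdn.test", "198.51.100.20", 3600),
    ("update.example-cdn.test", "198.51.100.20", 3600),
    ("update.example-cdn.test", "198.51.100.21", 3600),
    ("cmd.flux-bot.test", "192.0.2.10", 60),
    ("cmd.flux-bot.test", "192.0.2.44", 60),
    ("cmd.flux-bot.test", "192.0.2.91", 60),
    ("cmd.flux-bot.test", "192.0.2.150", 60),
    ("cmd.flux-bot.test", "192.0.2.201", 60),
    ("cmd.flux-bot.test", "192.0.2.7", 60),
]


def beacon_candidates(flows, min_flows=4, max_gap_cv=0.2, max_size_cv=0.2):
    """Return (src, dst, dport) triples whose inter-arrival times and payload
    sizes are both nearly constant.  CV = population stdev / mean; a low CV
    on both axes is the beaconing signature a browsing user does not show."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport, size in flows:
        by_pair[(src, dst, dport)].append((ts, size))
    hits = []
    for key, recs in by_pair.items():
        if len(recs) < min_flows:
            continue                       # too few samples to judge
        recs.sort()                        # order by timestamp
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        sizes = [s for _, s in recs]
        gap_mean = mean(gaps)
        gap_cv = pstdev(gaps) / gap_mean if gap_mean else float("inf")
        size_cv = pstdev(sizes) / mean(sizes)
        if gap_cv <= max_gap_cv and size_cv <= max_size_cv:
            hits.append(key)
    return hits


def fast_flux_domains(dns, min_ips=5, max_ttl=300):
    """Return domains that resolved to at least min_ips distinct addresses,
    all with TTLs of max_ttl seconds or less (fast-flux indicator)."""
    ips = defaultdict(set)
    ttls = defaultdict(list)
    for domain, ip, ttl in dns:
        ips[domain].add(ip)
        ttls[domain].append(ttl)
    return sorted(d for d in ips
                  if len(ips[d]) >= min_ips and max(ttls[d]) <= max_ttl)


if __name__ == "__main__":
    print("beaconing pairs:", beacon_candidates(FLOWS))
    print("fast-flux domains:", fast_flux_domains(DNS))
```

On the sample data the polling host is reported and the browsing host is not, and only the short-TTL, many-address domain is flagged; a real CDN also rotates addresses, so the TTL condition and a whitelist of known CDN zones are what keep the false positive rate down when this is run on production NetFlow.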

2017 ◽  
Vol 2017 ◽  
pp. 1-11 ◽  
Author(s):  
Fu-Hau Hsu ◽  
Chih-Wen Ou ◽  
Yan-Ling Hwang ◽  
Ya-Ching Chang ◽  
Po-Ching Lin

Web-based botnets are popular nowadays. A Web-based botnet is a botnet whose C&C server and bots use HTTP, the most universal and widely supported network protocol, to communicate with each other. Because attackers can easily hide botnet communication within the relatively massive volume of HTTP traffic, administrators of network equipment such as routers and switches cannot block such suspicious traffic outright, whatever the cost. Based on the composition of a Web server's client population and on the characteristics of the HTTP responses the server sends to clients, this paper proposes a traffic inspection solution called Web-based Botnet Detector (WBD). WBD is able to detect suspicious C&C (Command-and-Control) servers of HTTP botnets regardless of whether the botnet commands are encrypted or hidden in normal Web pages. More than 500 GB of real network traces collected from 11 backbone routers are used to evaluate our method. Experimental results show that the false positive rate of WBD is 0.42%.


2016 ◽  
Vol 2016 ◽  
pp. 1-8 ◽  
Author(s):  
Hai Wang ◽  
Yingfeng Cai ◽  
Xiaobo Chen ◽  
Long Chen

The use of night vision systems in vehicles is becoming increasingly common. Several approaches using infrared sensors have been proposed in the literature to detect vehicles in far infrared (FIR) images. However, these systems still have low vehicle detection rates and performance could be improved. This paper presents a novel method to detect vehicles using a far infrared automotive sensor. Firstly, vehicle candidates are generated using a constant threshold from the infrared frame. Contours are then generated by using a local adaptive threshold based on maximum distance, which decreases the number of processing regions for classification and reduces the false positive rate. Finally, vehicle candidates are verified using a deep belief network (DBN) based classifier. The detection rate is 93.9% which is achieved on a database of 5000 images and video streams. This result is approximately a 2.5% improvement on previously reported methods and the false detection rate is also the lowest among them.


Author(s):  
Z.-M. Zadorozhnyy ◽  
V. Muravskyi ◽  
S. Yatsyshyn ◽  
O. Shevchuk

Abstract. Modern conditions of growing cyber threats caused by the hybrid conflicts around the world and looming biological threat of the COVID-19 pandemic necessitate the introduction of biometric authentication of employees, leading to the transformation in the methodology and organization of accounting at enterprises. The procedure for accounting and control of time worked and wages of the employees is the first to undergo changes due to the forcibly limited access of employees to the enterprise data and premises, which determines the topicality and aims of this research. The aim of the article is to investigate the prospects for monitoring the working time and movement of employees on the premises (facilities) of the enterprise with the use of biometric technology in order to develop the methodology of automation of the accounting of payments made to employees and to ensure the cybersecurity of economic entities. The prospects of using an automated employee checkpoint system based on biometrics for the purposes of accounting and control are explored. The paper improves the methodology of accounting and control over the working time and wages of employees based on the automated employee authentication system using data on the time spent on premises and performance of job functions. Recommendations are made on ensuring biological and cyber security of enterprises in terms of categorizing the enterprise premises and equipment according to their functions and level of access to information and material flows. The research examines the prospects of accounting for the employee costs, as well as accurate distribution of overhead and other costs based on data of the biometric employee authentication system. It is advised to conduct further research into the peculiarities of methodology and organization of accounting under conditions of distance and isolated job performance by accounting employees, as it raises the requirements to cybersecurity of enterprises. 
Keywords: accounting, working time, wages (salary), biometrics, employee authentication, automation of accounting and control, cybersecurity, COVID-19. JEL Classification M41, M49 Formulas: 0; fig.: 2; tabl.: 1; bibl.: 18.


2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Bo Liu ◽  
Jinfu Chen ◽  
Songling Qin ◽  
Zufa Zhang ◽  
Yisong Liu ◽  
...  

Due to the growth and popularity of the internet, cyber security remains, and will continue to be, an important issue. Many network traffic classification methods and malware identification approaches have been proposed to address this problem. However, the existing methods are not well suited to helping security experts solve this challenge effectively, because of their low accuracy and high false positive rate. To this end, we employ a machine learning-based classification approach to identify malware. The approach extracts features from network traffic and reduces the dimensionality of the features, which effectively improves identification accuracy. Furthermore, we propose an improved SVM algorithm for classifying the network traffic, dubbed Optimized Facile Support Vector Machine (OFSVM). The OFSVM algorithm addresses the shortcomings of the original SVM for this classification task in two respects: parameter optimization and kernel function selection. On this basis, we present an approach for identifying malware in network traffic, called Network Traffic Malware Identification (NTMI). To evaluate the effectiveness of NTMI, we collect four real network traffic datasets and use the publicly available CAIDA dataset for our experiments. Evaluation results suggest that the NTMI approach achieves higher accuracy and a lower false positive rate than other identification methods. On average, the NTMI approach achieves an accuracy of 92.5% and a false positive rate of 5.527%.


2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Yizhen Sun ◽  
Jianjiang Yu ◽  
Jianwei Tian ◽  
Zhongwei Chen ◽  
Weiping Wang ◽  
...  

Security issues related to the Internet of Things (IoT) have attracted much attention in many fields in recent years. One important problem in IoT security is recognizing the type of an IoT device, so that different strategies can be designed to enhance the security of IoT applications. However, existing IoT device recognition approaches rarely consider traffic attacks, which may change the traffic pattern and consequently reduce the recognition accuracy for different IoT devices. In this work, we first validate experimentally that traffic attacks do reduce the recognition accuracy of existing IoT device recognition approaches; then, we propose an approach called IoT-IE that combines the information entropy of different traffic features to detect traffic anomalies. We then make IoT device recognition more robust by detecting and ignoring the abnormal traffic identified by our approach. Experimental evaluations show that IoT-IE can effectively detect abnormal behaviors of IoT devices in traffic under eight different types of attack, achieving a high accuracy of 0.977 and a low false positive rate of 0.011. It also achieves an accuracy of 0.969 in a multiclass experiment with 7 different types of attack.
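The core idea in the abstract, per-window Shannon entropy of several traffic features compared against a benign baseline, with anomalous windows dropped before device recognition, is small enough to show end to end. The block below is an added example and is not the IoT-IE code from the paper; the packet records, the three features, the window size, the deviation threshold and all function names are assumptions constructed for the illustration.

```python
"""Entropy-based traffic anomaly detection for an IoT device (added example).

Not the IoT-IE implementation from the paper.  Per time window it computes
the Shannon entropy of three traffic features (destination host, destination
port, packet length), learns a per-feature mean/stdev baseline from benign
windows, flags windows whose entropy deviates from that baseline, and drops
flagged windows so they never reach the device-recognition stage.
Packet records, features and thresholds are assumptions for this example.
"""
import math
from collections import Counter
from statistics import mean, pstdev

# Constructed packet records for one device: (dst_host, dst_port, length)
CLOUD_BIG = ("cloud.vendor.test", 443, 120)    # periodic telemetry upload
CLOUD_SMALL = ("cloud.vendor.test", 443, 64)   # keep-alive
NTP_PKT = ("time.vendor.test", 123, 76)        # clock sync
BENIGN_WINDOWS = [
    [CLOUD_BIG] * 5 + [CLOUD_SMALL] * 2 + [NTP_PKT],
    [CLOUD_BIG] * 6 + [CLOUD_SMALL] + [NTP_PKT],
    [CLOUD_BIG] * 5 + [CLOUD_SMALL] * 2 + [NTP_PKT],
]
# device abused for a port scan: one target, eight distinct ports, tiny SYNs
SCAN_WINDOW = [("192.0.2.50", p, 40) for p in (21, 22, 23, 25, 80, 443, 8080, 8443)]
# device abused as a flood source: one target, one port, one packet size
FLOOD_WINDOW = [("192.0.2.77", 80, 1400)] * 8

# feature name -> index into the packet tuple
FEATURES = {"dst": 0, "dport": 1, "len": 2}


def shannon_entropy(values):
    """H(X) = -sum p(x) log2 p(x) over the empirical distribution of values."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def window_entropies(window):
    """Entropy of each configured feature within one window of packets."""
    return {name: shannon_entropy([pkt[i] for pkt in window])
            for name, i in FEATURES.items()}


def build_baseline(windows):
    """Per-feature (mean, population stdev) of entropy over benign windows."""
    per_window = [window_entropies(w) for w in windows]
    baseline = {}
    for name in FEATURES:
        vals = [f[name] for f in per_window]
        baseline[name] = (mean(vals), pstdev(vals))
    return baseline


def detect(window, baseline, k=3.0, min_sd=0.1):
    """Return (is_anomalous, names of deviating features).

    A feature deviates when its entropy is more than k stdevs from the
    baseline mean; min_sd stops a constant baseline (stdev 0) from flagging
    every tiny fluctuation.  A scan raises port entropy, a flood collapses
    all three entropies toward zero, so both directions are checked."""
    feats = window_entropies(window)
    deviant = [name for name, (mu, sd) in baseline.items()
               if abs(feats[name] - mu) > k * max(sd, min_sd)]
    return bool(deviant), deviant


def clean_windows(windows, baseline):
    """Keep only windows that pass, i.e. the input a device-recognition
    model should see so attack traffic cannot distort its features."""
    return [w for w in windows if not detect(w, baseline)[0]]


BASELINE = build_baseline(BENIGN_WINDOWS)

if __name__ == "__main__":
    for label, w in (("benign", BENIGN_WINDOWS[0]), ("scan", SCAN_WINDOW),
                     ("flood", FLOOD_WINDOW)):
        print(label, window_entropies(w), detect(w, BASELINE))
```

On the sample data the benign window passes, while the scan window is flagged because its destination-port entropy (log2 8 = 3 bits) is far above the baseline of about 0.54 bits, and the flood window is flagged because every feature collapses to zero entropy. In practice the baseline should be learned per device type and re-estimated periodically, since firmware updates legitimately shift these distributions.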


Author(s):  
Wen-An Chiou ◽  
Helmut Coutelle ◽  
Andreas Decher ◽  
Michael Dörschug ◽  
Reiner Dohrmann ◽  
...  

Bentonites are rocks mostly consisting of swelling clay minerals. They were first described from the Cretaceous Benton Shale near Rock River, Wyoming, USA.

Because of their useful properties (e.g. highly adsorbent, cation exchanging, swelling), bentonites have many uses: in industry (among them as drilling mud, purification agent, binder, adsorbent, and in paper production), in culture (e.g. pottery), in medicine, cosmetics and cat litter, in civil engineering, and in the future possibly in the disposal of high-level nuclear waste.

The particular chemical characteristics of bentonite clay minerals are rather variable but critically determine their suitability for a given application.

The 15 specialist authors discuss bentonite terminology, classification, genesis and use in eight chapters. Individual chapters deal with the methods by which bentonites are analysed, and with their properties and performance in terms of parameters such as cation exchange capacity, rheology, coagulation concentration, water uptake capacity, free swelling, and electrical resistivity (amongst others).

A chapter is dedicated to the sources of bentonites, the technology employed to produce them, and how quality control is carried out both in the mine and in the laboratory. A further chapter is dedicated to methods of processing the mined material: different activation methods, drying, grinding, and purification.

Use cases for bentonites are discussed in a chapter of their own. References, a section on norms and standards, and a list of abbreviations complete the text.

The volume addresses students, researchers, and professionals in the mineral industry dealing with bentonite and its clay-mineral constituents, quality assessment and control, and persons who use bentonites in their products.


2019 ◽  
Vol 11 (1) ◽  
pp. 1-17
Author(s):  
Pinki Sharma ◽  
Jyotsna Sengupta ◽  
P. K. Suri

Cloud computing is the internet-based technique where the users utilize the online resources for computing services. The attacks or intrusion into the cloud service is the major issue in the cloud environment since it degrades performance. In this article, we propose an adaptive lion-based neural network (ALNN) to detect the intrusion behaviour. Initially, the cloud network has generated the clusters using a WLI fuzzy clustering mechanism. This mechanism obtains the different numbers of clusters in which the data objects are grouped together. Then, the clustered data is fed into the newly designed adaptive lion-based neural network. The proposed method is developed by the combination of Levenberg-Marquardt algorithm of neural network and adaptive lion algorithm where female lions are used to update the weight adaptively using lion optimization algorithm. Then, the proposed method is used to detect the malicious activity through training process. Thus, the different clustered data is given to the proposed ALNN model. Once the data is trained, then it needs to be aggregated. Subsequently, the aggregated data is fed into the proposed ALNN method where the intrusion behaviour is detected. Finally, the simulation results of the proposed method and performance is analysed through accuracy, false positive rate, and true positive rate. Thus, the proposed ALNN algorithm attains 96.46% accuracy which ensures better detection performance.


1983 ◽  
Vol 105 (4) ◽  
pp. 418-424 ◽  
Author(s):  
L. A. Schienbein ◽  
D. J. Malcolm

A review of the development and performance of the DAF Indal 50-kW vertical axis Darrieus wind turbine shows that a high level of technical development and reliability has been achieved. Features of the drive train, braking and control systems are discussed and performance details are presented. Details are also presented of a 500-kW VAWT that is currently in production. A discussion of the economics of both the 50-kW and 500-kW VAWTs is included, showing the effects of charge rate, installed cost, operating cost, performance, and efficiency.


Impact ◽  
2018 ◽  
Vol 2018 (3) ◽  
pp. 35-37 ◽  
Author(s):  
Ken Masamune ◽  
Atsushi Nishikawa ◽  
Toshikazu Kawai ◽  
Yuki Horise ◽  
Noriyasu Iwamoto

Master-slave robotic technology demonstrates a distinct model of communication that allows one device or user to have unidirectional control over one or more devices. The master refers to the user or device that initiates and controls the transmission, while the slave is the unit that receives these commands and acts accordingly. The direction of control always flows from the master to the slave. This technology has found a plethora of applications in a variety of fields such as engineering, information technology, and hydraulic and pneumatic systems. Robotic technology has become an integral part of medical applications involving telesurgery (remote surgery) owing to the profound advantages it can offer to both surgeons and patients. Not only is surgery in previously inoperable conditions now possible through this technology, but robotics also offers additional advantages in the training of medical professionals. In laparoscopic surgery, a high level of accuracy and control is required due to the complex nature and small scale of the area involved. Here, robotically assisted surgery is performed by the surgeon using master-slave remotely controlled manipulators or by integrating locally operated small surgical robots in a sterilised area. However, the fundamental problem with this master-slave system is that the master and the slave cannot be separated and exchanged with a master or a slave of another system. The performance of the robotic systems during these operations often runs into limitations due to the inability of a slave robot to match the pace and performance of the master, or the need for different tools during surgery, forcing a requirement for separate master-slave pairs. This creates an inefficiency in the system that Professor Ken Masamune from the Institute of Advance Biomedical Engineering and Science at the Tokyo Women's Medical University seeks to address.
By introducing middleware that connects these various masters and slaves, Masamune and his team seek to allow optimal communication and evaluation between robotic units. By separating the master from the slave and using middleware to allow communication between modules, the architecture being developed by Masamune, together with a group of collaborators, provides a quick evaluation of the master-slave combination and enables far more efficient development and use of telesurgical robots.


2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Jinxin Zhang ◽  
Meng Wu

With the rapid development of the mobile internet and intelligent technology of in-vehicle equipment, the Internet of Vehicles (IoV), centered on intelligent connected cars, has gradually entered people’s lives. However, these technologies also bring serious privacy risks and security issues in terms of data transmission and storage. In this article, we propose a blockchain-based authentication system to provide vehicle safety management. The privacy and security attributes of various vehicle authentication transactions are based on high-level cryptographic primitives, realizing temporary and formal authentication methods. At the same time, a fair blockchain consensus mechanism Auction of block generation Rights (AoR) is proposed. To demonstrate the feasibility and scalability of the proposed scheme, security and performance analyses are presented. The relevant experimental results show that the scheme can provide superior decentralized management for IoV.

