DeepBot: a time-based botnet detection with deep learning



METHODOLOGIES AND APPLICATION

Wan-Chen Shi · Hung-Min Sun

© Springer-Verlag GmbH Germany, part of Springer Nature 2020

Abstract
Over the decades, as Internet technology has advanced rapidly, more and more kinds of cyber-attacks have emerged around the world. Among them, the botnet is one of the most harmful and has always been challenging to defend against. The difficulty of botnet detection stems from the many forms the attack can take, since the malware keeps evolving to avoid being found. Rule-based botnet detection falls short when the features it relies on change dynamically. At the same time, the more Internet functionality is developed, the more severe the impact a botnet can have. In recent years, as Internet-of-things technology has prospered, many network devices have suffered botnet attacks that caused great damage across many industries. Consequently, botnet detection has always been a critical issue in the computer security field. In this paper, we introduce a method to detect potential botnets by inspecting the behavior of network traffic at the packet level. First, we sample the given packets by a period of time and extract behavioral features from each series of packets. By analyzing these features with the proposed deep learning models, we can detect the threat of botnets and classify them into different categories.

Keywords Botnet · Deep learning · RNN
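The abstract describes the preprocessing step in one sentence: slice the packet stream into fixed periods and turn each period into a behavioral feature vector, so that a host's traffic becomes a time series an RNN can consume. The following is an added illustration of that step, not code from the paper. The window length, the feature set and the packet records are assumptions constructed here; the paper's own features and hyperparameters are not given on this page.

```python
"""Time-window feature extraction from a packet stream (added illustration).

The paper's own features and window length are not given on this page; the
ones below are assumptions chosen to show the shape of the approach: fixed
periods, one behavioural feature vector per host per period, and an ordered
sequence of vectors per host as RNN input.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float     # seconds since capture start
    src: str      # source host
    dst: str      # destination host
    dport: int    # destination port
    length: int   # bytes on the wire


# Constructed sample capture (not real traffic): 10.0.0.5 beacons to one
# host on a fixed 2 s cadence with tiny packets; 10.0.0.9 does bursty web
# browsing and then goes quiet for a whole period.
SAMPLE: List[Packet] = [
    Packet(0.0, "10.0.0.5", "203.0.113.7", 6667, 60),
    Packet(2.0, "10.0.0.5", "203.0.113.7", 6667, 60),
    Packet(4.0, "10.0.0.5", "203.0.113.7", 6667, 60),
    Packet(6.0, "10.0.0.5", "203.0.113.7", 6667, 60),
    Packet(8.0, "10.0.0.5", "203.0.113.7", 6667, 60),
    Packet(0.3, "10.0.0.9", "198.51.100.2", 443, 1400),
    Packet(0.9, "10.0.0.9", "198.51.100.2", 443, 1400),
    Packet(3.1, "10.0.0.9", "198.51.100.8", 443, 1200),
    Packet(13.0, "10.0.0.9", "198.51.100.4", 80, 900),
]

WINDOW_SECONDS = 5.0  # assumed sampling period
FEATURE_NAMES = ("n_pkts", "n_bytes", "n_dst", "n_dport", "mean_gap", "small_frac")
ZERO_VECTOR = {name: 0.0 for name in FEATURE_NAMES}


def window_index(ts: float, window: float = WINDOW_SECONDS) -> int:
    """Index of the fixed-length period a timestamp falls into."""
    return int(ts // window)


def features(pkts: List[Packet]) -> Dict[str, float]:
    """Behavioural features of one host within one period (assumed set)."""
    pkts = sorted(pkts, key=lambda p: p.ts)
    gaps = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]
    return {
        "n_pkts": float(len(pkts)),
        "n_bytes": float(sum(p.length for p in pkts)),
        "n_dst": float(len({p.dst for p in pkts})),
        "n_dport": float(len({p.dport for p in pkts})),
        "mean_gap": mean(gaps) if gaps else 0.0,   # mean inter-arrival time
        "small_frac": sum(p.length <= 100 for p in pkts) / len(pkts),
    }


def sequences(pkts: List[Packet], window: float = WINDOW_SECONDS) -> Dict[str, List[Dict[str, float]]]:
    """Return, per source host, one feature vector per period in time order.

    Periods in which the host sent nothing are filled with a zero vector so
    that the sequence keeps its time alignment.
    """
    buckets: Dict[Tuple[str, int], List[Packet]] = defaultdict(list)
    for p in pkts:
        buckets[(p.src, window_index(p.ts, window))].append(p)
    per_host: Dict[str, Dict[int, Dict[str, float]]] = defaultdict(dict)
    for (src, w), group in buckets.items():
        per_host[src][w] = features(group)
    return {
        src: [by_w.get(w, dict(ZERO_VECTOR)) for w in range(max(by_w) + 1)]
        for src, by_w in per_host.items()
    }


def to_matrix(seq: List[Dict[str, float]]) -> List[List[float]]:
    """Flatten a host's sequence into rows in FEATURE_NAMES order (model input)."""
    return [[vec[name] for name in FEATURE_NAMES] for vec in seq]


if __name__ == "__main__":
    for host, seq in sequences(SAMPLE).items():
        print(host)
        for w, row in enumerate(to_matrix(seq)):
            print(f"  period {w}: {row}")
```

Run stand-alone, the script prints two sequences: the beaconing host produces two near-identical rows (constant packet size, constant 2 s gap, a single destination), while the browsing host produces a varied row, an all-zero row for the silent period and a one-packet row. The zero-filling matters in practice: dropping empty periods would shift later windows earlier and hide the pause itself, which is a behavioral signal a time-based model should be allowed to see.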

Communicated by V. Loia.

Hung-Min Sun (corresponding author) [email protected]

1 Introduction
By the end of 2018, according to NCTA (https://cdn.ihs.com/www/pdf/enabling-IOT.pdf), there were an estimated 34 billion IoT-connected devices around the world, as shown in Fig. 1. With such a large number of devices, it would be a catastrophe if even a few of them were infected by botnet malware. In 2016, the well-known Mirai malware (https://en.wikipedia.org/wiki/Mirai_(malware)) spread among IP cameras and routers and was used to perform DDoS attacks on servers, causing huge damage to many online services such as Airbnb and Twitter. From 2016 to 2018, cryptocurrency mining fever was everywhere. People were dedicated to mining cryptocoins, and so were hackers. In early 2018, some hackers created malware such as Smominru (https://www.cyber.nj.gov/threat-profiles/botnetvariants/smominru) to force infected systems to mine cryptocurrency for them.

To solve this critical issue, many researchers have proposed methods to detect botnets. The most naive way is to build a rule-based intrusion detection system (IDS) that constantly checks whether the host is under attack by observing its behavior or matching known botnet signatures. However, to avoid detection by an IDS, botnet malware evolves quickly and becomes harder to identify. Rule-based methods cannot handle these continuously changing features effectively. To overcome this deficit, many dynamic methods based on machine learning or deep learning have been propos