A Network Behavior-Based Botnet Detection Mechanism Using PSO and K-means

Li, Shing-Han; Kao, Yu-Cheng; Zhang, Zong-Cyuan; Chuang, Ying-Ping; Yen, David C.

doi:10.1145/2676869

Cited by 41 publications

(17 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Unlike our method which relies on modeling dependencies among flows, statistical analysis or machine learning algorithms have been mainly applied on features available in flow records or aggregated properties over a set of flows (duration, number of packets, number of flow records towards each destination, etc.). For example, in [5], the authors combined Particle Swarm Optimization (PSO) and K-means algorithms for botnet detection. In [11], the authors classified network traffic properties based on time intervals using a decision tree classifier.…”

Section: Related Workmentioning

confidence: 99%

BotGM: Unsupervised graph mining to detect botnets in traffic flows

Lagraa

Jérôme

Lahmadi

et al. 2017

2017 1st Cyber Security in Networking Conference (CSNet)

View full text Add to dashboard Cite

Botnets are one of the most dangerous and serious cybersecurity threats since they are a major vector of large-scale attack campaigns such as phishing, distributed denial-of-service (DDoS) attacks, trojans, spams, etc. A large body of research has been accomplished on botnet detection, but recent security incidents show that there are still several challenges remaining to be addressed, such as the ability to develop detectors which can cope with new types of botnets. In this paper, we propose BotGM, a new approach to detect botnet activities based on behavioral analysis of network traffic flow. BotGM identifies network traffic behavior using graph-based mining techniques to detect botnets behaviors and model the dependencies among flows to traceback the root causes then. We applied BotGM on a publicly available large dataset of Botnet network flows, where it detects various botnet behaviors with a high accuracy without any prior knowledge of them.

show abstract

Section: Related Workmentioning

confidence: 99%

BotGM: Unsupervised graph mining to detect botnets in traffic flows

Lagraa

Jérôme

Lahmadi

et al. 2017

2017 1st Cyber Security in Networking Conference (CSNet)

View full text Add to dashboard Cite

show abstract

“…It also depicts the need of defense mechanisms against such attacks. DDoS attacks are not new offenses against web applications (Li, Kao, Zhang, Chuang, & Yen, 2015). Initially, DDoS attacks were launched in August, 1999 against different organizations and continued attacking the various websites like Yahoo, Amazon, Buy.com, CNN and eBay since then (Bhuyan, Kashyap, Bhattacharyya, & Kalita, 2014;Buragohain, Kalita, Singh, & Bhattacharyya, 2015).…”

Section: Background and Motivationmentioning

confidence: 99%

“…In 2009, a DDoS attack was launched that disrupted the network services of most popular websites like Live Journal, Facebook, Amazon, and Twitter (Acohido & Swartz, 2009). In 2010 and 2011, more than 75,000 computer systems in 2500 organizations and 4 million computers in 100 countries were affected by DDoS attacks respectively (Li et al, 2015). Each day, more than 7000 DDoS attacks are launched by the attackers (Mousavi, 2014).…”

Section: Background and Motivationmentioning

confidence: 99%

“…But the attacker undoubtedly modifies the packet contents and traffic flow traits, thus the detection system fails. Moreover, it is very difficult to analyze the encrypted packets (Li et al, 2015). IP attributes (IP protocol type, packet-size) based detection techniques adversely affect the performance by increasing the computational complexity and false positive rate.…”

Section: Issues In Existing Detection Approachesmentioning

confidence: 99%

See 1 more Smart Citation

A review of detection approaches for distributed denial of service attacks

Kaur

Kumar

Bhandari

2017

Systems Science & Control Engineering

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks are the intimidation trials on the Internet that depletes the network bandwidth or exhausts the victim's resources. Researchers have introduced various defense mechanisms (such as attack prevention, traceback, reaction, detection, and characterization) against DDoS attacks, but such attacks are still growing year by year, and the ideal solutions of this problem are eluded so far. In the past, various signature-based and anomaly-based approaches were introduced for the detection of DDoS attacks, but only a few of them have focused on the nature of anomalies. Most of the detection approaches do not provide efficient real-time detection with high detection rate and low faux pas. In this paper, a classification of detection approaches against DDoS attacks has been presented with an aim to go deep insight into the DDoS problem for the beginners in this research area. The detection approaches have been explained along with their pluses and minuses. Further, this review paper includes the different functional classes to which the detection approaches belong to. In the end, a comparison of signature-based, anomaly-based and hybrid detection approaches is depicted in tabular form. ARTICLE HISTORY

show abstract

“…This paper presents a new clustering approach for anomaly detection by using the hybridization of k-means and PSO methods. Numerous clustering methods have been proposed to detect anomalies based on hybridization of PSO and k-means algorithms [12,13,14,15,16,17]. Differences between existing 349 clustering algorithms proposed on the basis of PSO are in their objective functions.…”

Section: Introductionmentioning

confidence: 99%

PSO+K-means Algorithm for Anomaly Detection in Big Data

Alguliyev

Alıguliyev

Abdullayeva

2019

Stat., optim. inf. comput.

View full text Add to dashboard Cite

The use of clustering methods in anomaly detection is considered as an effective approach. The choice of the cluster primary center and the finding of local optimum in the well-known k-means and other classic clustering algorithms are considered as one of the major problems and do not allow to get accurate results in anomaly detection. In this paper to improve the accuracy of anomaly detection based on the combination of PSO (particle swarm optimization) and k-means algorithms, the new weighted clustering method is proposed. The proposed method is tested on Yahoo! S5 dataset and a comparative analysis of the obtained results with the k-means algorithm is performed. The results of experiments show that compared to the k-means algorithm the proposed method is more robust and allows to get more accurate results.

show abstract

A Network Behavior-Based Botnet Detection Mechanism Using PSO and K-means

Cited by 41 publications

References 31 publications

BotGM: Unsupervised graph mining to detect botnets in traffic flows

BotGM: Unsupervised graph mining to detect botnets in traffic flows

A review of detection approaches for distributed denial of service attacks

PSO+K-means Algorithm for Anomaly Detection in Big Data

Contact Info

Product

Resources

About