BotGRABBER: SVM-Based Self-Adaptive System for the Network Resilience Against the Botnets’ Cyberattacks

Lysenko, Sergii; Bobrovnikova, Kira; Savenko, Oleg; Kryshchuk, Andrii

doi:10.1007/978-3-030-21952-9_10

Cited by 13 publications

(5 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to evaluate the efficiency of the proposed approach the experiments were held. They were based on the usage of the BotGRABBER -cyberattacks' detection toolwas used [34][35][36][37][38].…”

Section: Methodsmentioning

confidence: 99%

Technique for IoT malware detection based on control flow graph analysis

Bobrovnikova

Lysenko

Savenko

et al. 2022

reks

Self Cite

View full text Add to dashboard Cite

The Internet of Things (IoT) refers to the millions of devices around the world that are connected to the Internet. Insecure IoT devices designed without proper security features are the targets of many Internet threats. The rapid integration of the Internet into the IoT infrastructure in various areas of human activity, including vulnerable critical infrastructure, makes the detection of malware in the Internet of Things increasingly important. Annual reports from IoT infrastructure cybersecurity companies and antivirus software vendors show an increase in malware attacks targeting IoT infrastructure. This demonstrates the failure of modern methods for detecting malware on the Internet of things. This is why there is an urgent need for new approaches to IoT malware detection and to protect IoT devices from IoT malware attacks. The subject of the research is the malware detection process on the Internet of Things. This study aims to develop a technique for malware detection based on the control flow graph analysis. Results. This paper presents a new approach for IoT malware detection based on control flow graph analysis. Control flow graphs were built for suspicious IoT applications. The control flow graph is represented as a directed graph, which contains information about the components of the suspicious program and the transitions between them. Based on the control flow graph, metrics can be extracted that describe the structure of the program. Considering that IoT applications are small due to the simplicity and limitations of the IoT operating system environment, malware detection based on control flow graph analysis seems to be possible in the IoT environment. To analyze the behavior of the IoT application for each control flow graph, the action graph is to be built. It shows an abstract graph and a description of the program. Based on the action graph for each IoT application, a sequence is formed. This allows for defining the program’s behavior. Thus, with the aim of IoT malware detection, two malware detection models based on control flow graph metrics and the action sequences are used. Since the approach allows you to analyze both the overall structure and behavior of each application, it allows you to achieve high malware detection accuracy. The proposed approach allows the detection of unknown IoT malware, which are the modified versions of known IoT malware. As the mean of conclusion-making concerning the malware presence, the set of machine learning classifiers was employed. The experimental results demonstrated the high accuracy of IoT malware detection. Conclusions. A new technique for IoT malware detection based on control flow graph analysis has been developed. It can detect IoT malware with high efficiency.

show abstract

Section: Methodsmentioning

confidence: 99%

Technique for IoT malware detection based on control flow graph analysis

Bobrovnikova

Lysenko

Savenko

et al. 2022

reks

Self Cite

View full text Add to dashboard Cite

show abstract

“…It is a multi-vector protection system that can perform network and host activity analyses. The BotGRABBER framework presents the tool, not only for botnet detection but also to produce the needed security scenario of the network reconfiguration according to the type of cyberattack performed by the detected botnet [11,13,43]. The mentioned tool includes several units aimed at traffic collection, packet processing, feature extraction, feature classification based on machine learning algorithms, and producing results.…”

Section: Implementation Platformmentioning

confidence: 99%

IoT Multi-Vector Cyberattack Detection Based on Machine Learning Algorithms: Traffic Features Analysis, Experiments, and Efficiency

et al. 2022

Self Cite

View full text Add to dashboard Cite

Cybersecurity is a common Internet of Things security challenge. The lack of security in IoT devices has led to a great number of devices being compromised, with threats from both inside and outside the IoT infrastructure. Attacks on the IoT infrastructure result in device hacking, data theft, financial loss, instability, or even physical damage to devices. This requires the development of new approaches to ensure high-security levels in IoT infrastructure. To solve this problem, we propose a new approach for IoT cyberattack detection based on machine learning algorithms. The core of the method involves network traffic analyses that IoT devices generate during communication. The proposed approach deals with the set of network traffic features that may indicate the presence of cyberattacks in the IoT infrastructure and compromised IoT devices. Based on the obtained features for each IoT device, the feature vectors are formed. To conclude the possible attack presence, machine learning algorithms were employed. We assessed the complexity and time of machine learning algorithm implementation considering multi-vector cyberattacks on IoT infrastructure. Experiments were conducted to approve the method’s efficiency. The results demonstrated that the network traffic feature-based approach allows the detection of multi-vector cyberattacks with high efficiency.

show abstract

“…Monitoring activity from DNS-queries during C&C communication or updates and applying semi-supervised fuzzy c-means clustering to produce security scenarios is the basis of the self-adaptive system called BotGRABBER [161]. Not much different is the method proposed by Sharalfaldin et al in [168], where a novel botnet detection framework, BotViz, is presented.…”

Section: Domain Name System (Dns) Based Detectionmentioning

confidence: 99%

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

Stege

El-Habr

et al. 2021

Future Internet

View full text Add to dashboard Cite

Botnets, groups of malware-infected hosts controlled by malicious actors, have gained prominence in an era of pervasive computing and the Internet of Things. Botnets have shown a capacity to perform substantial damage through distributed denial-of-service attacks, information theft, spam and malware propagation. In this paper, a systematic literature review on botnets is presented to the reader in order to obtain an understanding of the incentives, evolution, detection, mitigation and current trends within the field of botnet research in pervasive computing. The literature review focuses particularly on the topic of botnet detection and the proposed solutions to mitigate the threat of botnets in system security. Botnet detection and mitigation mechanisms are categorised and briefly described to allow for an easy overview of the many proposed solutions. The paper also summarises the findings to identify current challenges and trends within research to help identify improvements for further botnet mitigation research.

show abstract

BotGRABBER: SVM-Based Self-Adaptive System for the Network Resilience Against the Botnets’ Cyberattacks

Cited by 13 publications

References 29 publications

Technique for IoT malware detection based on control flow graph analysis

Technique for IoT malware detection based on control flow graph analysis

IoT Multi-Vector Cyberattack Detection Based on Machine Learning Algorithms: Traffic Features Analysis, Experiments, and Efficiency

A Survey on Botnets: Incentives, Evolution, Detection and Current Trends

Contact Info

Product

Resources

About