Detecting P2P Botnet in Software Defined Networks

Su, Shang Chiuan; Chen, Yi Ren; Tsai, Shi-Chun; Lin, Yi‐Bing

doi:10.1155/2018/4723862

Cited by 23 publications

(19 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The term “botnet” is derived from the words “robot” and “network”, which evokes the Bots’ autonomy to perform several tasks. Botnets are in fact key enablers of several other cyber-attacks, hence representing one of the most serious threats in the area of network security [ 7 , 8 , 9 ]. Having this scenario in mind, organizations need to endorse the preparedness of their infrastructures in order to reactive/proactive deal with security incidents related to botnets [ 10 ], on which the emerging network management paradigms raise as promising cybersecurity enablers [ 11 , 12 ].…”

Section: Introductionmentioning

confidence: 99%

Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics

Ramos

Monge

Vidal

2020

Sensors

View full text Add to dashboard Cite

Botnets are some of the most recurrent cyber-threats, which take advantage of the wide heterogeneity of endpoint devices at the Edge of the emerging communication environments for enabling the malicious enforcement of fraud and other adversarial tactics, including malware, data leaks or denial of service. There have been significant research advances in the development of accurate botnet detection methods underpinned on supervised analysis but assessing the accuracy and performance of such detection methods requires a clear evaluation model in the pursuit of enforcing proper defensive strategies. In order to contribute to the mitigation of botnets, this paper introduces a novel evaluation scheme grounded on supervised machine learning algorithms that enable the detection and discrimination of different botnets families on real operational environments. The proposal relies on observing, understanding and inferring the behavior of each botnet family based on network indicators measured at flow-level. The assumed evaluation methodology contemplates six phases that allow building a detection model against botnet-related malware distributed through the network, for which five supervised classifiers were instantiated were instantiated for further comparisons—Decision Tree, Random Forest, Naive Bayes Gaussian, Support Vector Machine and K-Neighbors. The experimental validation was performed on two public datasets of real botnet traffic—CIC-AWS-2018 and ISOT HTTP Botnet. Bearing the heterogeneity of the datasets, optimizing the analysis with the Grid Search algorithm led to improve the classification results of the instantiated algorithms. An exhaustive evaluation was carried out demonstrating the adequateness of our proposal which prompted that Random Forest and Decision Tree models are the most suitable for detecting different botnet specimens among the chosen algorithms. They exhibited higher precision rates whilst analyzing a large number of samples with less processing time. The variety of testing scenarios were deeply assessed and reported to set baseline results for future benchmark analysis targeted on flow-based behavioral patterns.

show abstract

Section: Introductionmentioning

confidence: 99%

Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics

Ramos

Monge

Vidal

2020

Sensors

View full text Add to dashboard Cite

show abstract

“…As indicated in the literature [53][54][55][56][57], it is essential to strengthen evidence provided by the features described on each dataset as this positively influences SL training routines by capturing maximum variability of the inputs and expanding the capacity of inference to the resulting models. If at some point ISCX-Bot-2014 and CIDDS-001 features produce correlation effects, this downgrades the computation of the algorithm.…”

Section: Feature Extraction and Selectionmentioning

confidence: 99%

Synthetic Minority Oversampling Technique for Optimizing Classification Tasks in Botnet and Intrusion-Detection-System Datasets

et al. 2020

View full text Add to dashboard Cite

Presently, security is a hot research topic due to the impact in daily information infrastructure. Machine-learning solutions have been improving classical detection practices, but detection tasks employ irregular amounts of data since the number of instances that represent one or several malicious samples can significantly vary. In highly unbalanced data, classification models regularly have high precision with respect to the majority class, while minority classes are considered noise due to the lack of information that they provide. Well-known datasets used for malware-based analyses like botnet attacks and Intrusion Detection Systems (IDS) mainly comprise logs, records, or network-traffic captures that do not provide an ideal source of evidence as a result of obtaining raw data. As an example, the numbers of abnormal and constant connections generated by either botnets or intruders within a network are considerably smaller than those from benign applications. In most cases, inadequate dataset design may lead to the downgrade of a learning algorithm, resulting in overfitting and poor classification rates. To address these problems, we propose a resampling method, the Synthetic Minority Oversampling Technique (SMOTE) with a grid-search algorithm optimization procedure. This work demonstrates classification-result improvements for botnet and IDS datasets by merging synthetically generated balanced data and tuning different supervised-learning algorithms.

show abstract

“…In this context, NNs [97][98][99][100][101][102][103][104][105][106], SVM [105][106][107][108][109][110][111][112][113], DTs [114][115][116][117][118][119][120][121][122][123][124][125][126][127][128], ensemble methods [129][130][131][132][133][134][135][136][137][138][139][140] and supervised deep learning [44,[141][142][143][144] approaches were the most used...…”

Section: Supervised Learning In Sdnmentioning

confidence: 99%

Artificial intelligence enabled software‐defined networking: a comprehensive overview

Latah

Toker

2019

IET Networks

View full text Add to dashboard Cite

Software-defined networking (SDN) represents a promising networking architecture that combines central management and network programmability. SDN separates the control plane from the data plane and moves the network management to a central point, called the controller that can be programmed and used as the brain of the network. Recently, the research community has shown an increased tendency to benefit from the recent advancements in the artificial intelligence (AI) field to provide learning abilities and better decision making in SDN. In this study, the authors provide a detailed overview of the recent efforts to include AI in SDN. The study showed that the research efforts focused on three main sub-fields of AI namely: machine learning, meta-heuristics and fuzzy inference systems. Accordingly, in this work, the authors investigate their different application areas and potential use, as well as the improvements achieved by including AI-based techniques in the SDN paradigm.

show abstract

Detecting P2P Botnet in Software Defined Networks

Cited by 23 publications

References 23 publications

Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics

Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics

Synthetic Minority Oversampling Technique for Optimizing Classification Tasks in Botnet and Intrusion-Detection-System Datasets

Artificial intelligence enabled software‐defined networking: a comprehensive overview

Contact Info

Product

Resources

About