Detection of the botnets’ low-rate DDoS attacks based on self-similarity

Lysenko, Sergii; Bobrovnikova, Kira; Matiukh, Serhii; Hurman, Ivan; Savenko, Oleg

doi:10.11591/ijece.v10i4.pp3651-3659

Cited by 15 publications

(10 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In order to evaluate the efficiency of the proposed approach the experiments were held. They were based on the usage of the BotGRABBER -cyberattacks' detection toolwas used [34][35][36][37][38].…”

Section: Methodsmentioning

confidence: 99%

Technique for IoT malware detection based on control flow graph analysis

Bobrovnikova

Lysenko

Savenko

et al. 2022

reks

Self Cite

View full text Add to dashboard Cite

The Internet of Things (IoT) refers to the millions of devices around the world that are connected to the Internet. Insecure IoT devices designed without proper security features are the targets of many Internet threats. The rapid integration of the Internet into the IoT infrastructure in various areas of human activity, including vulnerable critical infrastructure, makes the detection of malware in the Internet of Things increasingly important. Annual reports from IoT infrastructure cybersecurity companies and antivirus software vendors show an increase in malware attacks targeting IoT infrastructure. This demonstrates the failure of modern methods for detecting malware on the Internet of things. This is why there is an urgent need for new approaches to IoT malware detection and to protect IoT devices from IoT malware attacks. The subject of the research is the malware detection process on the Internet of Things. This study aims to develop a technique for malware detection based on the control flow graph analysis. Results. This paper presents a new approach for IoT malware detection based on control flow graph analysis. Control flow graphs were built for suspicious IoT applications. The control flow graph is represented as a directed graph, which contains information about the components of the suspicious program and the transitions between them. Based on the control flow graph, metrics can be extracted that describe the structure of the program. Considering that IoT applications are small due to the simplicity and limitations of the IoT operating system environment, malware detection based on control flow graph analysis seems to be possible in the IoT environment. To analyze the behavior of the IoT application for each control flow graph, the action graph is to be built. It shows an abstract graph and a description of the program. Based on the action graph for each IoT application, a sequence is formed. This allows for defining the program’s behavior. Thus, with the aim of IoT malware detection, two malware detection models based on control flow graph metrics and the action sequences are used. Since the approach allows you to analyze both the overall structure and behavior of each application, it allows you to achieve high malware detection accuracy. The proposed approach allows the detection of unknown IoT malware, which are the modified versions of known IoT malware. As the mean of conclusion-making concerning the malware presence, the set of machine learning classifiers was employed. The experimental results demonstrated the high accuracy of IoT malware detection. Conclusions. A new technique for IoT malware detection based on control flow graph analysis has been developed. It can detect IoT malware with high efficiency.

show abstract

Section: Methodsmentioning

confidence: 99%

Technique for IoT malware detection based on control flow graph analysis

Bobrovnikova

Lysenko

Savenko

et al. 2022

reks

Self Cite

View full text Add to dashboard Cite

show abstract

“…Solutions devoted to cyberattack detection against Internet of Things infrastructure are widely presented [7,8]. Quite possibly, the most encouraging approaches for IoT cyberattack detection are based on machine learning algorithms (MLA) [9][10][11][12][13].…”

Section: The State-of-the-artmentioning

confidence: 99%

“…It is a multi-vector protection system that can perform network and host activity analyses. The BotGRABBER framework presents the tool, not only for botnet detection but also to produce the needed security scenario of the network reconfiguration according to the type of cyberattack performed by the detected botnet [11,13,43]. The mentioned tool includes several units aimed at traffic collection, packet processing, feature extraction, feature classification based on machine learning algorithms, and producing results.…”

Section: Implementation Platformmentioning

confidence: 99%

IoT Multi-Vector Cyberattack Detection Based on Machine Learning Algorithms: Traffic Features Analysis, Experiments, and Efficiency

et al. 2022

Self Cite

View full text Add to dashboard Cite

Cybersecurity is a common Internet of Things security challenge. The lack of security in IoT devices has led to a great number of devices being compromised, with threats from both inside and outside the IoT infrastructure. Attacks on the IoT infrastructure result in device hacking, data theft, financial loss, instability, or even physical damage to devices. This requires the development of new approaches to ensure high-security levels in IoT infrastructure. To solve this problem, we propose a new approach for IoT cyberattack detection based on machine learning algorithms. The core of the method involves network traffic analyses that IoT devices generate during communication. The proposed approach deals with the set of network traffic features that may indicate the presence of cyberattacks in the IoT infrastructure and compromised IoT devices. Based on the obtained features for each IoT device, the feature vectors are formed. To conclude the possible attack presence, machine learning algorithms were employed. We assessed the complexity and time of machine learning algorithm implementation considering multi-vector cyberattacks on IoT infrastructure. Experiments were conducted to approve the method’s efficiency. The results demonstrated that the network traffic feature-based approach allows the detection of multi-vector cyberattacks with high efficiency.

show abstract

“…This creates problems with the reliability of information storage. Therefore, researchers continue to develop a variety of detection methods and systems [18] - [25], which would detect malicious software at different stages of penetration into computer systems. This direction is actively developing and will continue to develop, because criminals benefit and therefore it motivates them.…”

Section: Subject Area Analysis and Related Decisionsmentioning

confidence: 99%

The Methods of Ensuring Fault Tolerance, Survivability and Protection of Information of Specialized Information Technologies Under the Influence of Malicious Software

STETSIUK

Каштальян

2022

CSIT

View full text Add to dashboard Cite

The paper examines the provision of fault tolerance, survivability and protection of IT information on the impact of malicious software and computer attacks. Each method is presented separately by its steps. The states of hardware and software on which the implemented methods are impelled in the corresponding systems are investigated. The common states are singled out and on the basis of them and together with the steps of the methods the synthesis of the method of ensuring fault tolerance, survivability and protection of IT information is carried out. It combines three developed methods. This method is represented by four generalized steps. All representations of the models are made by graphs with weight vertices, which specify either the states or steps of the methods. This representation made it possible to connect common vertices.Some methods of ensuring resilience, survivability and protection of IT information under the influence of malicious software were compared with one integrated method. Experimental studies confirm the effectiveness of both the proposed solution to ensure fault tolerance, survivability and protection of IT information and the effectiveness of the method, which combines the provision of fault tolerance, survivability and protection of IT information.

show abstract

Detection of the botnets’ low-rate DDoS attacks based on self-similarity

Cited by 15 publications

References 19 publications

Technique for IoT malware detection based on control flow graph analysis

Technique for IoT malware detection based on control flow graph analysis

IoT Multi-Vector Cyberattack Detection Based on Machine Learning Algorithms: Traffic Features Analysis, Experiments, and Efficiency

The Methods of Ensuring Fault Tolerance, Survivability and Protection of Information of Specialized Information Technologies Under the Influence of Malicious Software

Contact Info

Product

Resources

About