期刊文献+
共找到11篇文章
< 1 >
每页显示 20 50 100
The Machine Learning Ensemble for Analyzing Internet of Things Networks:Botnet Detection and Device Identification
1
作者 Seung-Ju Han Seong-Su Yoon Ieck-Chae Euom 《Computer Modeling in Engineering & Sciences》 SCIE EI 2024年第11期1495-1518,共24页
The rapid proliferation of Internet of Things(IoT)technology has facilitated automation across various sectors.Nevertheless,this advancement has also resulted in a notable surge in cyberattacks,notably botnets.As a re... The rapid proliferation of Internet of Things(IoT)technology has facilitated automation across various sectors.Nevertheless,this advancement has also resulted in a notable surge in cyberattacks,notably botnets.As a result,research on network analysis has become vital.Machine learning-based techniques for network analysis provide a more extensive and adaptable approach in comparison to traditional rule-based methods.In this paper,we propose a framework for analyzing communications between IoT devices using supervised learning and ensemble techniques and present experimental results that validate the efficacy of the proposed framework.The results indicate that using the proposed ensemble techniques improves accuracy by up to 1.7%compared to singlealgorithm approaches.These results also suggest that the proposed framework can flexibly adapt to general IoT network analysis scenarios.Unlike existing frameworks,which only exhibit high performance in specific situations,the proposed framework can serve as a fundamental approach for addressing a wide range of issues. 展开更多
关键词 Internet of Things machine learning traffic analysis botnet detection device identification
下载PDF
An Optimized Approach to Deep Learning for Botnet Detection and Classification for Cybersecurity in Internet of Things Environment
2
作者 Abdulrahman Alzahrani 《Computers, Materials & Continua》 SCIE EI 2024年第8期2331-2349,共19页
The recent development of the Internet of Things(IoTs)resulted in the growth of IoT-based DDoS attacks.The detection of Botnet in IoT systems implements advanced cybersecurity measures to detect and reduce malevolent ... The recent development of the Internet of Things(IoTs)resulted in the growth of IoT-based DDoS attacks.The detection of Botnet in IoT systems implements advanced cybersecurity measures to detect and reduce malevolent botnets in interconnected devices.Anomaly detection models evaluate transmission patterns,network traffic,and device behaviour to detect deviations from usual activities.Machine learning(ML)techniques detect patterns signalling botnet activity,namely sudden traffic increase,unusual command and control patterns,or irregular device behaviour.In addition,intrusion detection systems(IDSs)and signature-based techniques are applied to recognize known malware signatures related to botnets.Various ML and deep learning(DL)techniques have been developed to detect botnet attacks in IoT systems.To overcome security issues in an IoT environment,this article designs a gorilla troops optimizer with DL-enabled botnet attack detection and classification(GTODL-BADC)technique.The GTODL-BADC technique follows feature selection(FS)with optimal DL-based classification for accomplishing security in an IoT environment.For data preprocessing,the min-max data normalization approach is primarily used.The GTODL-BADC technique uses the GTO algorithm to select features and elect optimal feature subsets.Moreover,the multi-head attention-based long short-term memory(MHA-LSTM)technique was applied for botnet detection.Finally,the tree seed algorithm(TSA)was used to select the optimum hyperparameter for the MHA-LSTM method.The experimental validation of the GTODL-BADC technique can be tested on a benchmark dataset.The simulation results highlighted that the GTODL-BADC technique demonstrates promising performance in the botnet detection process. 展开更多
关键词 botnet detection internet of things gorilla troops optimizer hyperparameter tuning intrusion detection system
下载PDF
Double DQN Method For Botnet Traffic Detection System
3
作者 Yutao Hu Yuntao Zhao +1 位作者 Yongxin Feng Xiangyu Ma 《Computers, Materials & Continua》 SCIE EI 2024年第4期509-530,共22页
In the face of the increasingly severe Botnet problem on the Internet,how to effectively detect Botnet traffic in realtime has become a critical problem.Although the existing deepQnetwork(DQN)algorithminDeep reinforce... In the face of the increasingly severe Botnet problem on the Internet,how to effectively detect Botnet traffic in realtime has become a critical problem.Although the existing deepQnetwork(DQN)algorithminDeep reinforcement learning can solve the problem of real-time updating,its prediction results are always higher than the actual results.In Botnet traffic detection,although it performs well in the training set,the accuracy rate of predicting traffic is as high as%;however,in the test set,its accuracy has declined,and it is impossible to adjust its prediction strategy on time based on new data samples.However,in the new dataset,its accuracy has declined significantly.Therefore,this paper proposes a Botnet traffic detection system based on double-layer DQN(DDQN).Two Q-values are designed to adjust the model in policy and action,respectively,to achieve real-time model updates and improve the universality and robustness of the model under different data sets.Experiments show that compared with the DQN model,when using DDQN,the Q-value is not too high,and the detectionmodel has improved the accuracy and precision of Botnet traffic.Moreover,when using Botnet data sets other than the test set,the accuracy and precision of theDDQNmodel are still higher than DQN. 展开更多
关键词 DQN DDQN deep reinforcement learning botnet detection feature classification
下载PDF
Review:Botnet detection techniques: review, future trends, and issue 被引量:4
4
作者 Ahmad KARIM Rosli Bin SALLEH +3 位作者 Muhammad SHIRAZ Syed Adeel Ali SHAH Irfan AWAN Nor Badrul ANUAR 《Journal of Zhejiang University-Science C(Computers and Electronics)》 SCIE EI 2014年第11期943-983,共41页
In recent years, the Internet has enabled access to widespread remote services in the distributed computing environment; however, integrity of data transmission in the distributed computing platform is hindered by a n... In recent years, the Internet has enabled access to widespread remote services in the distributed computing environment; however, integrity of data transmission in the distributed computing platform is hindered by a number of security issues. For instance, the botnet phenomenon is a prominent threat to Internet security, including the threat of malicious codes. The botnet phenomenon supports a wide range of criminal activities, including distributed denial of service(DDoS) attacks, click fraud, phishing, malware distribution, spam emails, and building machines for illegitimate exchange of information/materials. Therefore, it is imperative to design and develop a robust mechanism for improving the botnet detection, analysis, and removal process. Currently, botnet detection techniques have been reviewed in different ways; however, such studies are limited in scope and lack discussions on the latest botnet detection techniques. This paper presents a comprehensive review of the latest state-of-the-art techniques for botnet detection and figures out the trends of previous and current research. It provides a thematic taxonomy for the classification of botnet detection techniques and highlights the implications and critical aspects by qualitatively analyzing such techniques. Related to our comprehensive review, we highlight future directions for improving the schemes that broadly span the entire botnet detection research field and identify the persistent and prominent research challenges that remain open. 展开更多
关键词 botnet detection Anomaly detection Network security ATTACK DEFENSE TAXONOMY
原文传递
BotGuard: Lightweight Real-Time Botnet Detection in Software Defined Networks
5
作者 CHEN Jing CHENG Xi +2 位作者 DU Ruiying HU Li WANG Chiheng 《Wuhan University Journal of Natural Sciences》 CAS CSCD 2017年第2期103-113,共11页
The distributed detection of botnets may induce heavy computation and communication costs to network devices. Each device in related scheme only has a regional view of Internet, so it is hard to detect botnet comprehe... The distributed detection of botnets may induce heavy computation and communication costs to network devices. Each device in related scheme only has a regional view of Internet, so it is hard to detect botnet comprehensively. In this paper, we propose a lightweight real-time botnet detection framework called Bot-Guard, which uses the global landscape and flexible configurability of software defined network (SDN) to identify botnets promptly. SDN, as a new network framework, can make centralized control in botnet detection, but there are still some challenges in such detections. We give a convex lens imaging graph (CLI-graph) to depict the topology characteristics of botnet, which allows SDN controller to locate attacks separately and mitigate the burden of network devices. The theoretical and experimental resuits prove that our scheme is capable of timely botnet detecting in SDNs with the accuracy higher than 90% and the delay less than 56 ms. 展开更多
关键词 botnet detection software defined network graph theory
原文传递
BotSward: Centrality Measures for Graph-Based Bot Detection Using Machine Learning
6
作者 Khlood Shinan Khalid Alsubhi M.Usman Ashraf 《Computers, Materials & Continua》 SCIE EI 2023年第1期693-714,共22页
The number of botnet malware attacks on Internet devices has grown at an equivalent rate to the number of Internet devices that are connected to the Internet.Bot detection using machine learning(ML)with flow-based fea... The number of botnet malware attacks on Internet devices has grown at an equivalent rate to the number of Internet devices that are connected to the Internet.Bot detection using machine learning(ML)with flow-based features has been extensively studied in the literature.Existing flow-based detection methods involve significant computational overhead that does not completely capture network communication patterns that might reveal other features ofmalicious hosts.Recently,Graph-Based Bot Detection methods using ML have gained attention to overcome these limitations,as graphs provide a real representation of network communications.The purpose of this study is to build a botnet malware detection system utilizing centrality measures for graph-based botnet detection and ML.We propose BotSward,a graph-based bot detection system that is based on ML.We apply the efficient centrality measures,which are Closeness Centrality(CC),Degree Centrality(CC),and PageRank(PR),and compare them with others used in the state-of-the-art.The efficiency of the proposed method is verified on the available Czech Technical University 13 dataset(CTU-13).The CTU-13 dataset contains 13 real botnet traffic scenarios that are connected to a command-and-control(C&C)channel and that cause malicious actions such as phishing,distributed denial-of-service(DDoS)attacks,spam attacks,etc.BotSward is robust to zero-day attacks,suitable for large-scale datasets,and is intended to produce better accuracy than state-of-the-art techniques.The proposed BotSward solution achieved 99%accuracy in botnet attack detection with a false positive rate as low as 0.0001%. 展开更多
关键词 Network security botnet detection graph-based features machine learning measure centrality
下载PDF
IoT Smart Devices Risk Assessment Model Using Fuzzy Logic and PSO
7
作者 Ashraf S.Mashaleh Noor Farizah Binti Ibrahim +2 位作者 Mohammad Alauthman Mohammad Almseidin Amjad Gawanmeh 《Computers, Materials & Continua》 SCIE EI 2024年第2期2245-2267,共23页
Increasing Internet of Things(IoT)device connectivity makes botnet attacks more dangerous,carrying catastrophic hazards.As IoT botnets evolve,their dynamic and multifaceted nature hampers conventional detection method... Increasing Internet of Things(IoT)device connectivity makes botnet attacks more dangerous,carrying catastrophic hazards.As IoT botnets evolve,their dynamic and multifaceted nature hampers conventional detection methods.This paper proposes a risk assessment framework based on fuzzy logic and Particle Swarm Optimization(PSO)to address the risks associated with IoT botnets.Fuzzy logic addresses IoT threat uncertainties and ambiguities methodically.Fuzzy component settings are optimized using PSO to improve accuracy.The methodology allows for more complex thinking by transitioning from binary to continuous assessment.Instead of expert inputs,PSO data-driven tunes rules and membership functions.This study presents a complete IoT botnet risk assessment system.The methodology helps security teams allocate resources by categorizing threats as high,medium,or low severity.This study shows how CICIoT2023 can assess cyber risks.Our research has implications beyond detection,as it provides a proactive approach to risk management and promotes the development of more secure IoT environments. 展开更多
关键词 IoT botnet detection risk assessment fuzzy logic particle swarm optimization(PSO) CYBERSECURITY interconnected devices
下载PDF
A Learning Model to Detect Android C&C Applications Using Hybrid Analysis
8
作者 Attia Qammar Ahmad Karim +2 位作者 Yasser Alharbi Mohammad Alsaffar Abdullah Alharbi 《Computer Systems Science & Engineering》 SCIE EI 2022年第12期915-930,共16页
Smartphone devices particularly Android devices are in use by billions of people everywhere in the world.Similarly,this increasing rate attracts mobile botnet attacks which is a network of interconnected nodes operate... Smartphone devices particularly Android devices are in use by billions of people everywhere in the world.Similarly,this increasing rate attracts mobile botnet attacks which is a network of interconnected nodes operated through the command and control(C&C)method to expand malicious activities.At present,mobile botnet attacks launched the Distributed denial of services(DDoS)that causes to steal of sensitive data,remote access,and spam generation,etc.Consequently,various approaches are defined in the literature to detect mobile botnet attacks using static or dynamic analysis.In this paper,a novel hybrid model,the combination of static and dynamic methods that relies on machine learning to detect android botnet applications is proposed.Furthermore,results are evaluated using machine learning classifiers.The Random Forest(RF)classifier outperform as compared to other ML techniques i.e.,Naïve Bayes(NB),Support Vector Machine(SVM),and Simple Logistic(SL).Our proposed framework achieved 97.48%accuracy in the detection of botnet applications.Finally,some future research directions are highlighted regarding botnet attacks detection for the entire community. 展开更多
关键词 Android botnet botnet detection hybrid analysis machine learning classifiers mobile malware
下载PDF
Use of subword tokenization for domain generation algorithm classification
9
作者 Sea Ran Cleon Liew Ngai Fong Law 《Cybersecurity》 EI CSCD 2024年第2期1-12,共12页
Domain name generation algorithm(DGA)classification is an essential but challenging problem.Both feature-extract-ing machine learning(ML)methods and deep learning(DL)models such as convolutional neural networks and lo... Domain name generation algorithm(DGA)classification is an essential but challenging problem.Both feature-extract-ing machine learning(ML)methods and deep learning(DL)models such as convolutional neural networks and long short-term memory have been developed.However,the performance of these approaches varies with different types of DGAs.Most features in the ML methods can characterize random-looking DGAs better than Word-looking DGAs.To improve the classification performance on word-looking DGAs,subword tokenization is employed for the DL mod-els.Our experimental results proved that the subword tokenization can provide excellent classification performance on the word-looking DGAs.We then propose an integrated scheme that chooses an appropriate method for DGA classification depending on the nature of the DGAs.Results show that the integrated scheme outperformed existing ML and DL methods,and also the subword DL methods. 展开更多
关键词 botnet detection Domain names Network security Machine learning-based botnet detection
原文传递
Analysis on the time-domain characteristics of botnets control traffic
10
作者 LI Wei-min MIAO Chen LIU Fang LEI Zhen-ming 《The Journal of China Universities of Posts and Telecommunications》 EI CSCD 2011年第2期106-113,共8页
Botnets are networks composed with malware-infect ed computers.They are designed and organized to be controlled by an adversary.As victims are infected through their inappropriate network behaviors in most cases,the I... Botnets are networks composed with malware-infect ed computers.They are designed and organized to be controlled by an adversary.As victims are infected through their inappropriate network behaviors in most cases,the Internet protocol(IP) addresses of infected bots are unpredictable.Plus,a bot can get an IP address through dynamic host configuration protocol(DHCP),so they need to get in touch with the controller initiatively and they should attempt continuously because a controller can't be always online.The whole process is carried out under the command and control(C&C) channel.Our goal is to characterize the network traffic under the C&C channel on the time domain.Our analysis draws upon massive data obtained from honeynet and a large Internet service provider(ISP) Network.We extract and summarize fingerprints of the bots collected in our honeynet.Next,with the fingerprints,we use deep packet inspection(DPI) Technology to search active bots and controllers in the Internet.Then,we gather and analyze flow records reported from network traffic monitoring equipments.In this paper,we propose a flow record interval analysis on the time domain characteristics of botnets control traffic,and we propose the algorithm to identify the communications in the C&C channel based on our analysis.After that,we evaluate our approach with a 3.4 GB flow record trace and the result is satisfactory.In addition,we believe that our work is also useful information in the design of botnet detection schemes with the deep flow inspection(DFI) technology. 展开更多
关键词 botnet detection netflow record time domain analysis deep flow inspection
原文传递
Detecting P2P bots by mining the regional periodicity 被引量:3
11
作者 Yong QIAO Yue-xiang YANG +2 位作者 Jie HE Chuan TANG Ying-zhi ZENG 《Journal of Zhejiang University-Science C(Computers and Electronics)》 SCIE EI 2013年第9期682-700,共19页
Peer-to-peer (P2P) botnets outperform the traditional Internet relay chat (IRC) botnets in evading detection and they have become a prevailing type of threat to the Internet nowadays.Current methods for detecting P2P ... Peer-to-peer (P2P) botnets outperform the traditional Internet relay chat (IRC) botnets in evading detection and they have become a prevailing type of threat to the Internet nowadays.Current methods for detecting P2P botnets,such as similarity analysis of network behavior and machine-learning based classification,cannot handle the challenges brought about by different network scenarios and botnet variants.We noticed that one important but neglected characteristic of P2P bots is that they periodically send requests to update their peer lists or receive commands from botmasters in the command-and-control (C&C) phase.In this paper,we propose a novel detection model named detection by mining regional periodicity (DMRP),including capturing the event time series,mining the hidden periodicity of host behaviors,and evaluating the mined periodic patterns to identify P2P bot traffic.As our detection model is built based on the basic properties of P2P protocols,it is difficult for P2P bots to avoid being detected as long as P2P protocols are employed in their C&C.For hidden periodicity mining,we introduce the so-called regional periodic pattern mining in a time series and present our algorithms to solve the mining problem.The experimental evaluation on public datasets demonstrates that the algorithms are promising for efficient P2P bot detection in the C&C phase. 展开更多
关键词 P2P botnet detection Regional periodicity APRIORI Autocorrelation function Evaluation function
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部