58 articles found
Monitoring Peer-to-Peer Botnets: Requirements, Challenges, and Future Works
1
Authors: Arkan Hammoodi Hasan Kabla Mohammed Anbar Selvakumar Manickam Alwan Ahmed Abdulrahman Alwan Shankar Karuppayah 《Computers, Materials & Continua》 SCIE EI 2023, No. 5, pp. 3375-3398, 24 pages
The cyber-criminal compromises end-hosts (bots) to configure a network of bots (botnet). The cyber-criminals are also looking for an evolved architecture that makes their techniques more resilient and stealthier such as Peer-to-Peer (P2P) networks. The P2P botnets leverage the privileges of the decentralized nature of P2P networks. Consequently, the P2P botnets exploit the resilience of this architecture to be arduous against take-down procedures. Some P2P botnets are smarter to be stealthy in their Command-and-Control mechanisms (C2) and elude the standard discovery mechanisms. Therefore, the other side of this cyberwar is the monitor. The P2P botnet monitoring is an exacting mission because the monitoring must care about many aspects simultaneously. Some aspects pertain to the existing monitoring approaches, some pertain to the nature of P2P networks, and some to counter the botnets, i.e., the anti-monitoring mechanisms. All these challenges should be considered in P2P botnet monitoring. To begin with, this paper provides an anatomy of P2P botnets. Thereafter, this paper exhaustively reviews the existing monitoring approaches of P2P botnets and thoroughly discusses each to reveal its advantages and disadvantages. In addition, this paper groups the monitoring approaches into three groups: passive, active, and hybrid monitoring approaches. Furthermore, this paper also discusses the functional and non-functional requirements of advanced monitoring. In conclusion, this paper ends by epitomizing the challenges of various aspects and gives future avenues for better monitoring of P2P botnets.
Keywords: P2P networks BOTNET P2P botnet botnet monitoring HONEYPOT crawlers
Double DQN Method For Botnet Traffic Detection System
2
Authors: Yutao Hu Yuntao Zhao Yongxin Feng Xiangyu Ma 《Computers, Materials & Continua》 SCIE EI 2024, No. 4, pp. 509-530, 22 pages
In the face of the increasingly severe Botnet problem on the Internet, how to effectively detect Botnet traffic in realtime has become a critical problem. Although the existing deep Q network (DQN) algorithm in Deep reinforcement learning can solve the problem of real-time updating, its prediction results are always higher than the actual results. In Botnet traffic detection, although it performs well in the training set, the accuracy rate of predicting traffic is as high as%; however, in the test set, its accuracy has declined, and it is impossible to adjust its prediction strategy on time based on new data samples. However, in the new dataset, its accuracy has declined significantly. Therefore, this paper proposes a Botnet traffic detection system based on double-layer DQN (DDQN). Two Q-values are designed to adjust the model in policy and action, respectively, to achieve real-time model updates and improve the universality and robustness of the model under different data sets. Experiments show that compared with the DQN model, when using DDQN, the Q-value is not too high, and the detection model has improved the accuracy and precision of Botnet traffic. Moreover, when using Botnet data sets other than the test set, the accuracy and precision of the DDQN model are still higher than DQN.
Keywords: DQN DDQN deep reinforcement learning botnet detection feature classification
IoT Smart Devices Risk Assessment Model Using Fuzzy Logic and PSO
3
Authors: Ashraf S. Mashaleh Noor Farizah Binti Ibrahim Mohammad Alauthman Mohammad Almseidin Amjad Gawanmeh 《Computers, Materials & Continua》 SCIE EI 2024, No. 2, pp. 2245-2267, 23 pages
Increasing Internet of Things (IoT) device connectivity makes botnet attacks more dangerous, carrying catastrophic hazards. As IoT botnets evolve, their dynamic and multifaceted nature hampers conventional detection methods. This paper proposes a risk assessment framework based on fuzzy logic and Particle Swarm Optimization (PSO) to address the risks associated with IoT botnets. Fuzzy logic addresses IoT threat uncertainties and ambiguities methodically. Fuzzy component settings are optimized using PSO to improve accuracy. The methodology allows for more complex thinking by transitioning from binary to continuous assessment. Instead of expert inputs, PSO data-driven tunes rules and membership functions. This study presents a complete IoT botnet risk assessment system. The methodology helps security teams allocate resources by categorizing threats as high, medium, or low severity. This study shows how CICIoT2023 can assess cyber risks. Our research has implications beyond detection, as it provides a proactive approach to risk management and promotes the development of more secure IoT environments.
Keywords: IoT botnet detection risk assessment fuzzy logic particle swarm optimization (PSO) CYBERSECURITY interconnected devices
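Fire Object Detection System Based on Improved YOLOv8
4
Authors: 马冉 顾宏 《人工智能与机器人研究》 2024, No. 1, pp. 56-65, 9 pages
In the early stage of a fire, the state of the smoke changes constantly and the flames are very small, so existing object detection algorithms suffer from slow detection and low detection accuracy under these complex conditions. To address such problems, this paper proposes a fire object detection system based on an improved YOLOv8. A BotNet structure is added at the end of the YOLOv8 backbone network to strengthen the network's feature extraction for fire, and an EMA attention mechanism is introduced at the end of the YOLOv8 head to prevent drastic weight changes. The improved YOLOv8 model raises the precision of object detection. Experimental results show that, compared with the YOLOv8 model, the improved YOLOv8 model increases mAP by 2.3%, and the prediction accuracy for fire and smoke increases by 1.4% and 1% respectively, further indicating that the improved YOLOv8 model can meet the needs of fire object detection.
Keywords: object detection; YOLOv8; BOTNET; EMA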
An Adaptive Push-Styled Command and Control Mechanism in Mobile Botnets (Cited by: 6)
5
Authors: CHEN Wei GONG Peihua YU Le YANG Geng 《Wuhan University Journal of Natural Sciences》 CAS 2013, No. 5, pp. 427-434, 8 pages
The mobile botnet, developed from the traditional PC-based botnets, has become a practical underlying trend. In this paper, we design a mobile botnet, which exploits a novel command and control (CC) strategy named Push-Styled CC. It utilizes Google cloud messaging (GCM) service as the botnet channel. Compared with traditional botnet, Push-Styled CC avoids direct communications between botmasters and bots, which makes mobile botnets more stealthy and resilient. Since mobile devices users are sensitive to battery power and traffic consumption, Push-Styled botnet also applies adaptive network connection strategy to reduce traffic consumption and cost. To prove the efficacy of our design, we implemented the prototype of Push-Style CC in Android. The experiment results show that botnet traffic can be concealed in legal GCM traffic with low traffic cost.
Keywords: mobile botnet push style Google cloud messaging (GCM) adaptive connection
Mining Botnets and Their Evolution Patterns (Cited by: 1)
6
Authors: Jaehoon Choi Jaewoo Kang Jinseung Lee Chihwan Song Qingsong Jin Sunwon Lee Jinsun Uh 《Journal of Computer Science & Technology》 SCIE EI CSCD 2013, No. 4, pp. 605-615, 11 pages
The botnet is the network of compromised computers that have fallen under the control of hackers after being infected by malicious programs such as trojan viruses. The compromised machines are mobilized to perform various attacks including mass spamming, distributed denial of service (DDoS) and additional trojans. This is becoming one of the most serious threats to the Internet infrastructure at present. We introduce a method to uncover compromised machines and characterize their behaviors using large email logs. We report various spam campaign variants with different characteristics and introduce a statistical method to combine them. We also report the long-term evolution patterns of the spam campaigns.
Keywords: BOTHER botnet evolution bother spamming
Analysis on the time-domain characteristics of botnets control traffic
7
Authors: LI Wei-min MIAO Chen LIU Fang LEI Zhen-ming 《The Journal of China Universities of Posts and Telecommunications》 EI CSCD 2011, No. 2, pp. 106-113, 8 pages
Botnets are networks composed with malware-infected computers. They are designed and organized to be controlled by an adversary. As victims are infected through their inappropriate network behaviors in most cases, the Internet protocol (IP) addresses of infected bots are unpredictable. Plus, a bot can get an IP address through dynamic host configuration protocol (DHCP), so they need to get in touch with the controller initiatively and they should attempt continuously because a controller can't be always online. The whole process is carried out under the command and control (C&C) channel. Our goal is to characterize the network traffic under the C&C channel on the time domain. Our analysis draws upon massive data obtained from honeynet and a large Internet service provider (ISP) Network. We extract and summarize fingerprints of the bots collected in our honeynet. Next, with the fingerprints, we use deep packet inspection (DPI) Technology to search active bots and controllers in the Internet. Then, we gather and analyze flow records reported from network traffic monitoring equipments. In this paper, we propose a flow record interval analysis on the time domain characteristics of botnets control traffic, and we propose the algorithm to identify the communications in the C&C channel based on our analysis. After that, we evaluate our approach with a 3.4 GB flow record trace and the result is satisfactory. In addition, we believe that our work is also useful information in the design of botnet detection schemes with the deep flow inspection (DFI) technology.
Keywords: botnet detection netflow record time domain analysis deep flow inspection
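Lightweight Plant Recognition Model Based on Improved YOLO v5s (Cited by: 2)
8
Authors: 马宏兴 董凯兵 王英菲 魏淑花 黄文广 苟建平 《农业机械学报》 EI CAS CSCD PKU Core 2023, No. 8, pp. 267-276, 10 pages
To facilitate surveys of desert steppe plant species and their distribution across Ningxia, plant recognition methods need to be studied. To address the large parameter count of the YOLO v5s model and its difficulty recognizing plants against complex backgrounds, a lightweight model for plant object recognition in complex backgrounds, YOLO v5s-CBD, is proposed. The improved model YOLO v5s-CBD introduces BoTNet (Bottleneck transformer network), a backbone network with Transformer modules, into the feature extraction network, combining convolution with self-attention to enlarge the model's receptive field; it also integrates coordinate attention (CA) into the feature extraction network to effectively capture the relationship between channels and positions and improve the model's feature extraction ability; it introduces the SIoU function to compute the regression loss, resolving the mismatch between predicted and ground-truth boxes; and it uses depthwise separable convolution (DSC) to reduce the model's memory footprint. Experimental results show that on a single Nvidia GTX A5000 GPU the YOLO v5s-CBD model has a single-image inference time of only 8 ms, a model memory footprint of 8.9 MB, a precision P of 95.1%, a recall R of 92.9%, a comprehensive evaluation metric F1 of 94.0%, and a mean average precision (mAP) of 95.7%; on the VOC dataset the mean average precision reaches 80.09%. Compared with YOLO v3-tiny, YOLO v4-tiny and YOLO v5s, the improved model has a smaller memory footprint and a higher mean average precision. The YOLO v5s-CBD model shows good robustness on both public datasets and the Ningxia desert steppe plant dataset, infers faster, and is easy to deploy; it has been applied in a mobile plant image recognition app for the Ningxia desert steppe and in fixed-point ecological information observation platforms, and can be used to survey desert steppe plant species and distribution across Ningxia and for long-term observation and tracking of plant ecological information in places such as Dashuikeng, Huangjichang and Mahuangshan in Yanchi County, Ningxia.
Keywords: plant recognition; YOLO v5s; BOTNET; coordinate attention; depthwise separable convolution; lightweight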
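Design of a Snort-Based Botnet Detection System
9
Authors: 曾斯 《中国新技术新产品》 2023, No. 16, pp. 21-23, 3 pages
As a highly threatening type of attack, botnets are often used to launch large-scale network sabotage. In a botnet, to keep the servers concealed and available, the IP addresses associated with the domain names must change constantly, and traditional detection systems are clearly no longer effective against organized botnet attacks. Therefore, to effectively identify unknown, latent botnets, this paper designs a Snort-based botnet detection system and compares it with a traditional detection system. The results show that the system can monitor network traffic in real time and thus quickly detect attack behavior, with a high detection accuracy and good extensibility and portability.
Keywords: SNORT; botnet; traffic analysis; cluster analysis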
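Apple Leaf Disease Detection Method Based on BCE-YOLOv5 (Cited by: 4)
10
Authors: 曾晏林 贺壹婷 蔺瑶 费加杰 黎强 杨毅 《江苏农业科学》 PKU Core 2023, No. 15, pp. 155-163, 9 pages
Manual visual interpretation of apple leaf diseases in natural environments is time-consuming, labor-intensive and strongly subjective. To address this, this study proposes BCE-YOLOv5, an object detection algorithm that fuses a self-attention mechanism with Transformer modules, to automatically identify and detect apple leaf diseases and pests in natural environments. The algorithm first replaces the CSP structures of the Backbone network and the Neck network with BotNet and ConvNeXt modules respectively, strengthening the self-attention mechanism's feature extraction for targets. The improved CBAM is then introduced after the feature fusion network of YOLOv5 so that the attention mechanism pays more attention to the fused feature information. Finally, the IoU loss function is replaced with the α-IoU loss function so that the network converges more stably during training. Compared with the conventional YOLOv5 algorithm, BCE-YOLOv5 raises the mean average precision by 2.9 percentage points, and the model size and computation of the improved algorithm are reduced by 0.2 M and 0.9 GFLOPs respectively. Its mean average precision is 2.5, 1.3, 3.5 and 2.2 percentage points higher than that of the YOLOv4s, YOLOv6s, YOLOx-s and YOLOv7 models respectively. The method can identify apple leaf diseases quickly and accurately and provides a reference for intelligent management in apple cultivation.
Keywords: apple; leaf disease; recognition; attention mechanism; YOLOv5; BOTNET; ConvNeXt; CBAM; α-IoU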
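Improved Steel Surface Defect Detection Based on the YOLOv5 Algorithm
11
Authors: 曹乐乐 罗恒 张鹏 《科技创新与应用》 2023, No. 26, pp. 66-69, 73, 5 pages
Steel surface defect detection has long been an important research problem in object detection. To address it, this paper takes NEU-DET, the open-source dataset from Northeastern University, as sample data and improves the YOLOv5 algorithm to obtain the YOLOv5_LH network model. First the clustering algorithm is optimized, using the K-means++ algorithm to optimize the anchor boxes; then the Conv layers in the backbone network are replaced with the RepVGG network, which has stronger feature extraction ability, a BotNet attention mechanism is added before the SPPF layer, and the BiFPN feature pyramid is used in the Neck layer in place of the original network structure; the loss function is also optimized. Experiments verify that the YOLOv5_LH algorithm reaches an mAP of 88.5% on the NEU-DET dataset with a detection speed of 70.1 fps, an improvement of 11.7% over the YOLOv5s algorithm; the algorithm improves recognition accuracy while maintaining detection speed.
Keywords: steel; defect detection; YOLOv5; RepVGG; BOTNET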
MBB-IoT: Construction and Evaluation of IoT DDoS Traffic Dataset from a New Perspective
12
Authors: Yi Qing Xiangyu Liu Yanhui Du 《Computers, Materials & Continua》 SCIE EI 2023, No. 8, pp. 2095-2119, 25 pages
Distributed Denial of Service (DDoS) attacks have always been a major concern in the security field. With the release of malware source codes such as BASHLITE and Mirai, Internet of Things (IoT) devices have become the new source of DDoS attacks against many Internet applications. Although there are many datasets in the field of IoT intrusion detection, such as Bot-IoT, Constrained Application Protocol–Denial of Service (CoAPDoS), and LATAM-DDoS-IoT (some of the names of DDoS datasets), which mainly focus on DDoS attacks, the datasets describing new IoT DDoS attack scenarios are extremely rare, and only N-BaIoT and IoT-23 datasets used IoT devices as DDoS attackers in the construction process, while they did not use Internet applications as victims either. To supplement the description of the new trend of DDoS attacks in the dataset, we built an IoT environment with mainstream DDoS attack tools such as Mirai and BASHLITE being used to infect IoT devices and implement DDoS attacks against WEB servers. Then, data aggregated into a dataset named MBB-IoT were captured at WEB servers and IoT nodes. After the MBB-IoT dataset was split into a training set and a test set, it was applied to the training and testing of the Random Forests classification algorithm. The multi-class classification metrics were good and all above 90%. Secondly, in a cross-evaluation experiment based on Support Vector Machine (SVM), Light Gradient Boosting Machine (LightGBM), and Long Short Term Memory networks (LSTM) classification algorithms, the training set and test set were derived from different datasets (MBB-IoT or IoT-23), and the test performance is better when MBB-IoT is used as the training set.
Keywords: Intrusion detection IOT MALWARE BOTNET DDOS DATASET
Preventing Cloud Network from Spamming Attacks Using Cloudflare and KNN
13
Authors: Muhammad Nadeem Ali Arshad Saman Riaz Syeda Wajiha Zahra Muhammad Rashid Shahab S. Band Amir Mosavi 《Computers, Materials & Continua》 SCIE EI 2023, No. 2, pp. 2641-2659, 19 pages
Cloud computing is one of the most attractive and cost-saving models, which provides online services to end-users. Cloud computing allows the user to access data directly from any node. But nowadays, cloud security is one of the biggest issues that arise. Different types of malware are wreaking havoc on the clouds. Attacks on the cloud server are happening from both internal and external sides. This paper has developed a tool to prevent the cloud server from spamming attacks. When an attacker attempts to use different spamming techniques on a cloud server, the attacker will be intercepted through two effective techniques: Cloudflare and K-nearest neighbors (KNN) classification. Cloudflare will block those IP addresses that the attacker will use and prevent spamming attacks. However, the KNN classifiers will determine which area the spammer belongs to. At the end of the article, various prevention techniques for securing cloud servers will be discussed, a comparison will be made with different papers, a conclusion will be drawn based on different results.
Keywords: Intrusion prevention system SPAMMING KNN classification SPAM cyber security BOTNET
Detecting Android Botnet Applications Using Convolution Neural Network
14
Authors: Mamona Arshad Ahmad Karim Salman Naseer Shafiq Ahmad Mejdal Alqahtani Akber Abid Gardezi Muhammad Shafiq Jin-Ghoo Choi 《Computers, Materials & Continua》 SCIE EI 2023, No. 11, pp. 2123-2135, 13 pages
The exponential growth in the development of smartphones and handheld devices is permeated due to everyday activities i.e., games applications, entertainment, online banking, social network sites, etc., and also allow the end users to perform a variety of activities. Because of activities, mobile devices attract cybercriminals to initiate an attack over a diverse range of malicious activities such as theft of unauthorized information, phishing, spamming, Distributed Denial of Services (DDoS), and malware dissemination. Botnet applications are a type of harmful attack that can be used to launch malicious activities and has become a significant threat in the research area. A botnet is a collection of infected devices that are managed by a botmaster and communicate with each other via a command server in order to carry out malicious attacks. With the rise in malicious attacks, detecting botnet applications has become more challenging. Therefore, it is essential to investigate mobile botnet attacks to uncover the security issues in severe financial and ethical damages caused by a massive coordinated command server. Current state of the art, various solutions were provided for the detection of botnet applications, but in general, the researchers suffer various techniques of machine learning-based methods with static features which are usually ineffective when obfuscation techniques are used for the detection of botnet applications. In this paper, we propose an approach by exploring the concept of a deep learning-based method and present a well-defined Convolutional Neural Network (CNN) model. Using the visualization approach, we obtain the colored images through byte code files of applications and perform an experiment. For analysis of the results of an experiment, we differentiate the performance of the model from other existing research studies. Furthermore, our method outperforms with 94.34% accuracy, 92.9% of precision, and 92% of recall.
Keywords: CNN botnet applications machine learning image processing
BotSward: Centrality Measures for Graph-Based Bot Detection Using Machine Learning
15
Authors: Khlood Shinan Khalid Alsubhi M. Usman Ashraf 《Computers, Materials & Continua》 SCIE EI 2023, No. 1, pp. 693-714, 22 pages
The number of botnet malware attacks on Internet devices has grown at an equivalent rate to the number of Internet devices that are connected to the Internet. Bot detection using machine learning (ML) with flow-based features has been extensively studied in the literature. Existing flow-based detection methods involve significant computational overhead that does not completely capture network communication patterns that might reveal other features of malicious hosts. Recently, Graph-Based Bot Detection methods using ML have gained attention to overcome these limitations, as graphs provide a real representation of network communications. The purpose of this study is to build a botnet malware detection system utilizing centrality measures for graph-based botnet detection and ML. We propose BotSward, a graph-based bot detection system that is based on ML. We apply the efficient centrality measures, which are Closeness Centrality (CC), Degree Centrality (CC), and PageRank (PR), and compare them with others used in the state-of-the-art. The efficiency of the proposed method is verified on the available Czech Technical University 13 dataset (CTU-13). The CTU-13 dataset contains 13 real botnet traffic scenarios that are connected to a command-and-control (C&C) channel and that cause malicious actions such as phishing, distributed denial-of-service (DDoS) attacks, spam attacks, etc. BotSward is robust to zero-day attacks, suitable for large-scale datasets, and is intended to produce better accuracy than state-of-the-art techniques. The proposed BotSward solution achieved 99% accuracy in botnet attack detection with a false positive rate as low as 0.0001%.
Keywords: Network security botnet detection graph-based features machine learning measure centrality
Toward Secure Software-Defined Networks Using Machine Learning: A Review, Research Challenges, and Future Directions
16
Authors: Muhammad Waqas Nadeem Hock Guan Goh Yichiet Aun Vasaki Ponnusamy 《Computer Systems Science & Engineering》 SCIE EI 2023, No. 11, pp. 2201-2217, 17 pages
Over the past few years, rapid advancements in the internet and communication technologies have led to increasingly intricate and diverse networking systems. As a result, greater intelligence is necessary to effectively manage, optimize, and maintain these systems. Due to their distributed nature, machine learning models are challenging to deploy in traditional networks. However, Software-Defined Networking (SDN) presents an opportunity to integrate intelligence into networks by offering a programmable architecture that separates data and control planes. SDN provides a centralized network view and allows for dynamic updates of flow rules and software-based traffic analysis. While the programmable nature of SDN makes it easier to deploy machine learning techniques, the centralized control logic also makes it vulnerable to cyberattacks. To address these issues, recent research has focused on developing powerful machine-learning methods for detecting and mitigating attacks in SDN environments. This paper highlighted the countermeasures for cyberattacks on SDN and how current machine learning-based solutions can overcome these emerging issues. We also discuss the pros and cons of using machine learning algorithms for detecting and mitigating these attacks. Finally, we highlighted research issues, gaps, and challenges in developing machine learning-based solutions to secure the SDN controller, to help the research and network community to develop more robust and reliable solutions.
Keywords: Botnet attack deep learning distributed denial of service machine learning network security software-defined network
Design the IoT Botnet Defense Process for Cybersecurity in Smart City
17
Authors: Donghyun Kim Seungho Jeon Jiho Shin Jung Taek Seo 《Intelligent Automation & Soft Computing》 SCIE 2023, No. 9, pp. 2979-2997, 19 pages
The smart city comprises various infrastructures, including healthcare, transportation, manufacturing, and energy. A smart city's Internet of Things (IoT) environment constitutes a massive IoT environment encompassing numerous devices. As many devices are installed, managing security for the entire IoT device ecosystem becomes challenging, and attack vectors accessible to attackers increase. However, these devices often have low power and specifications, lacking the same security features as general Information Technology (IT) systems, making them susceptible to cyberattacks. This vulnerability is particularly concerning in smart cities, where IoT devices are connected to essential support systems such as healthcare and transportation. Disruptions can lead to significant human and property damage. One representative attack that exploits IoT device vulnerabilities is the Distributed Denial of Service (DDoS) attack by forming an IoT botnet. In a smart city environment, the formation of IoT botnets can lead to extensive denial-of-service attacks, compromising the availability of services rendered by the city. Moreover, the same IoT devices are typically employed across various infrastructures within a smart city, making them potentially vulnerable to similar attacks. This paper addresses this problem by designing a defense process to effectively respond to IoT botnet attacks in smart city environments. The proposed defense process leverages the defense techniques of the MITRE D3FEND framework to mitigate the propagation of IoT botnets and support rapid and integrated decision-making by security personnel, enabling an immediate response.
Keywords: Smart city IoT botnet CYBERSECURITY
Improved Ant Colony Optimization and Machine Learning Based Ensemble Intrusion Detection Model
18
Authors: S. Vanitha P. Balasubramanie 《Intelligent Automation & Soft Computing》 SCIE 2023, No. 4, pp. 849-864, 16 pages
Internet of things (IOT) possess cultural, commercial and social effect in life in the future. The nodes which are participating in IOT network are basically attracted by the cyber-attack targets. Attack and identification of anomalies in IoT infrastructure is a growing problem in the IoT domain. Machine Learning Based Ensemble Intrusion Detection (MLEID) method is applied in order to resolve the drawback by minimizing malicious actions in related botnet attacks on Message Queue Telemetry Transport (MQTT) and Hyper-Text Transfer Protocol (HTTP) protocols. The proposed work has two significant contributions which are a selection of features and detection of attacks. New features are chosen from Improved Ant Colony Optimization (IACO) in the feature selection, and then the detection of attacks is carried out based on a combination of their possible properties. The IACO approach is focused on defining the attacker's important features against HTTP and MQTT. In the IACO algorithm, the constant factor is calculated against HTTP and MQTT based on the mean function for each element. Attack detection, the performance of several machine learning models are Distance Decision Tree (DDT), Adaptive Neuro-Fuzzy Inference System (ANFIS) and Mahalanobis Distance Support Vector Machine (MDSVM) were compared with predicting accurate attacks on the IoT network. The outcomes of these classifiers are combined into the ensemble model. The proposed MLEID strategy has effectively established malicious incidents. The UNSW-NB15 dataset is used to test the MLEID technique using data from simulated IoT sensors. Besides, the proposed MLEID technique has a greater detection rate and an inferior rate of false-positive compared to other conventional techniques.
Keywords: Network intrusion detection system (NIDS) internet of things (IOT) ensemble learning statistical flow features BOTNET ensemble technique improved ant colony optimization (IACO) feature selection
A Novel Highly Robust P2P Botnet (Cited by: 3)
19
Authors: 谢静 谭良 《计算机工程》 CAS CSCD PKU Core 2011, No. 7, pp. 154-156, 3 pages
A honeypot-aware semi-distributed P2P botnet built using authenticated sensors is proposed. Using two metric functions, the connection ratio C(p) and the degree ratio D(p), and using different numbers of servent bots during peer-list updates, the changes in its robustness are discussed. The results show that, compared with traditional botnets, this type of botnet has higher robustness.
Keywords: botnet; robustness analysis; semi-distributed P2P; BOTNET; anti-detection
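Analysis of Detection Techniques for the Network Malware "Botnet" (Cited by: 1)
20
Authors: 倪红彪 《煤炭技术》 CAS PKU Core 2011, No. 12, pp. 172-173, 2 pages
Botnet technology is currently developing the fastest, and botnets are a highly threatening hazard both to the secure operation of networks and to the protection of user data. This paper introduces botnet technology, studies botnet detection techniques, and analyzes several major botnet detection techniques in depth.
Keywords: BOTNET; security; detection techniques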