1,917 research outputs found
Botnet Detection using Social Graph Analysis
Signature-based botnet detection methods identify botnets by recognizing
Command and Control (C\&C) traffic and can be ineffective for botnets that use
new and sophisticate mechanisms for such communications. To address these
limitations, we propose a novel botnet detection method that analyzes the
social relationships among nodes. The method consists of two stages: (i)
anomaly detection in an "interaction" graph among nodes using large deviations
results on the degree distribution, and (ii) community detection in a social
"correlation" graph whose edges connect nodes with highly correlated
communications. The latter stage uses a refined modularity measure and
formulates the problem as a non-convex optimization problem for which
appropriate relaxation strategies are developed. We apply our method to
real-world botnet traffic and compare its performance with other community
detection methods. The results show that our approach works effectively and the
refined modularity measure improves the detection accuracy.Comment: 7 pages. Allerton Conferenc
DDoS Attacks with Randomized Traffic Innovation: Botnet Identification Challenges and Strategies
Distributed Denial-of-Service (DDoS) attacks are usually launched through the
, an "army" of compromised nodes hidden in the network. Inferential
tools for DDoS mitigation should accordingly enable an early and reliable
discrimination of the normal users from the compromised ones. Unfortunately,
the recent emergence of attacks performed at the application layer has
multiplied the number of possibilities that a botnet can exploit to conceal its
malicious activities. New challenges arise, which cannot be addressed by simply
borrowing the tools that have been successfully applied so far to earlier DDoS
paradigms. In this work, we offer basically three contributions: we
introduce an abstract model for the aforementioned class of attacks, where the
botnet emulates normal traffic by continually learning admissible patterns from
the environment; we devise an inference algorithm that is shown to
provide a consistent (i.e., converging to the true solution as time progresses)
estimate of the botnet possibly hidden in the network; and we verify the
validity of the proposed inferential strategy over network traces.Comment: Submitted for publicatio
Towards a Reliable Comparison and Evaluation of Network Intrusion Detection Systems Based on Machine Learning Approaches
Presently, we are living in a hyper-connected world where millions of heterogeneous devices are continuously sharing information in different application contexts for wellness, improving communications, digital businesses, etc. However, the bigger the number of devices and connections are, the higher the risk of security threats in this scenario. To counteract against malicious behaviours and preserve essential security services, Network Intrusion Detection Systems (NIDSs) are the most widely used defence line in communications networks. Nevertheless, there is no standard methodology to evaluate and fairly compare NIDSs. Most of the proposals elude mentioning crucial steps regarding NIDSs validation that make their comparison hard or even impossible. This work firstly includes a comprehensive study of recent NIDSs based on machine learning approaches, concluding that almost all of them do not accomplish with what authors of this paper consider mandatory steps for a reliable comparison and evaluation of NIDSs. Secondly, a structured methodology is proposed and assessed on the UGR'16 dataset to test its suitability for addressing network attack detection problems. The guideline and steps recommended will definitively help the research community to fairly assess NIDSs, although the definitive framework is not a trivial task and, therefore, some extra effort should still be made to improve its understandability and usability further
- …