191 research outputs found
PeerHunter: Detecting Peer-to-Peer Botnets through Community Behavior Analysis
Peer-to-peer (P2P) botnets have become one of the major threats in network
security for serving as the infrastructure that responsible for various of
cyber-crimes. Though a few existing work claimed to detect traditional botnets
effectively, the problem of detecting P2P botnets involves more challenges. In
this paper, we present PeerHunter, a community behavior analysis based method,
which is capable of detecting botnets that communicate via a P2P structure.
PeerHunter starts from a P2P hosts detection component. Then, it uses mutual
contacts as the main feature to cluster bots into communities. Finally, it uses
community behavior analysis to detect potential botnet communities and further
identify bot candidates. Through extensive experiments with real and simulated
network traces, PeerHunter can achieve very high detection rate and low false
positives.Comment: 8 pages, 2 figures, 11 tables, 2017 IEEE Conference on Dependable and
Secure Computin
XG-BoT: An Explainable Deep Graph Neural Network for Botnet Detection and Forensics
In this paper, we proposed XG-BoT, an explainable deep graph neural network
model for botnet node detection. The proposed model is mainly composed of a
botnet detector and an explainer for automatic forensics. The XG-BoT detector
can effectively detect malicious botnet nodes under large-scale networks.
Specifically, it utilizes a grouped reversible residual connection with a graph
isomorphism network to learn expressive node representations from the botnet
communication graphs. The explainer in XG-BoT can perform automatic network
forensics by highlighting suspicious network flows and related botnet nodes. We
evaluated XG-BoT on real-world, large-scale botnet network graphs. Overall,
XG-BoT is able to outperform the state-of-the-art in terms of evaluation
metrics. In addition, we show that the XG-BoT explainer can generate useful
explanations based on GNNExplainer for automatic network forensics.Comment: 6 pages, 3 figure
AppCon: Mitigating evasion attacks to ML cyber detectors
Adversarial attacks represent a critical issue that prevents the reliable integration of machine learning methods into cyber defense systems. Past work has shown that even proficient detectors are highly affected just by small perturbations to malicious samples, and that existing countermeasures are immature. We address this problem by presenting AppCon, an original approach to harden intrusion detectors against adversarial evasion attacks. Our proposal leverages the integration of ensemble learning to realistic network environments, by combining layers of detectors devoted to monitor the behavior of the applications employed by the organization. Our proposal is validated through extensive experiments performed in heterogeneous network settings simulating botnet detection scenarios, and consider detectors based on distinct machine-and deep-learning algorithms. The results demonstrate the effectiveness of AppCon in mitigating the dangerous threat of adversarial attacks in over 75% of the considered evasion attempts, while not being affected by the limitations of existing countermeasures, such as performance degradation in non-adversarial settings. For these reasons, our proposal represents a valuable contribution to the development of more secure cyber defense platforms
Machine Learning-Enabled IoT Security: Open Issues and Challenges Under Advanced Persistent Threats
Despite its technological benefits, Internet of Things (IoT) has cyber
weaknesses due to the vulnerabilities in the wireless medium. Machine learning
(ML)-based methods are widely used against cyber threats in IoT networks with
promising performance. Advanced persistent threat (APT) is prominent for
cybercriminals to compromise networks, and it is crucial to long-term and
harmful characteristics. However, it is difficult to apply ML-based approaches
to identify APT attacks to obtain a promising detection performance due to an
extremely small percentage among normal traffic. There are limited surveys to
fully investigate APT attacks in IoT networks due to the lack of public
datasets with all types of APT attacks. It is worth to bridge the
state-of-the-art in network attack detection with APT attack detection in a
comprehensive review article. This survey article reviews the security
challenges in IoT networks and presents the well-known attacks, APT attacks,
and threat models in IoT systems. Meanwhile, signature-based, anomaly-based,
and hybrid intrusion detection systems are summarized for IoT networks. The
article highlights statistical insights regarding frequently applied ML-based
methods against network intrusion alongside the number of attacks types
detected. Finally, open issues and challenges for common network intrusion and
APT attacks are presented for future research.Comment: ACM Computing Surveys, 2022, 35 pages, 10 Figures, 8 Table
BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features
In this paper, we describe a detailed approach to develop a botnet detection system using machine learning (ML)techniques. Detecting botnet member hosts, or identifying botnet traffic has been the main subject of manyresearch efforts. This research aims to overcome two serious limitations of current botnet detection systems:First, the need for Deep Packet Inspection-DPI and the need to collect traffic from several infected hosts. Toachieve that, we have analyzed several botware samples of known botnets. Based on this analysis, we haveidentified a set of statistical features that may help to distinguish between benign and botnet malicious traffic.Then, we have carried several machine learning experiments in order to test the suitability of ML techniques andalso to pick a minimal subset of the identified features that provide best detection. We have implemented ourapproach in a tool called BotCap whose test results showed its proven ability to detect individually infected hostsin a local network
On the Evaluation of Sequential Machine Learning for Network Intrusion Detection
Recent advances in deep learning renewed the research interests in machine
learning for Network Intrusion Detection Systems (NIDS). Specifically,
attention has been given to sequential learning models, due to their ability to
extract the temporal characteristics of Network traffic Flows (NetFlows), and
use them for NIDS tasks. However, the applications of these sequential models
often consist of transferring and adapting methodologies directly from other
fields, without an in-depth investigation on how to leverage the specific
circumstances of cybersecurity scenarios; moreover, there is a lack of
comprehensive studies on sequential models that rely on NetFlow data, which
presents significant advantages over traditional full packet captures. We
tackle this problem in this paper. We propose a detailed methodology to extract
temporal sequences of NetFlows that denote patterns of malicious activities.
Then, we apply this methodology to compare the efficacy of sequential learning
models against traditional static learning models. In particular, we perform a
fair comparison of a `sequential' Long Short-Term Memory (LSTM) against a
`static' Feedforward Neural Networks (FNN) in distinct environments represented
by two well-known datasets for NIDS: the CICIDS2017 and the CTU13. Our results
highlight that LSTM achieves comparable performance to FNN in the CICIDS2017
with over 99.5\% F1-score; while obtaining superior performance in the CTU13,
with 95.7\% F1-score against 91.5\%. This paper thus paves the way to future
applications of sequential learning models for NIDS
Artificial Intelligence and Machine Learning in Cybersecurity: Applications, Challenges, and Opportunities for MIS Academics
The availability of massive amounts of data, fast computers, and superior machine learning (ML) algorithms has spurred interest in artificial intelligence (AI). It is no surprise, then, that we observe an increase in the application of AI in cybersecurity. Our survey of AI applications in cybersecurity shows most of the present applications are in the areas of malware identification and classification, intrusion detection, and cybercrime prevention. We should, however, be aware that AI-enabled cybersecurity is not without its drawbacks. Challenges to AI solutions include a shortage of good quality data to train machine learning models, the potential for exploits via adversarial AI/ML, and limited human expertise in AI. However, the rewards in terms of increased accuracy of cyberattack predictions, faster response to cyberattacks, and improved cybersecurity make it worthwhile to overcome these challenges. We present a summary of the current research on the application of AI and ML to improve cybersecurity, challenges that need to be overcome, and research opportunities for academics in management information systems
Role of Artificial Intelligence in the Internet of Things (IoT) Cybersecurity
In recent years, the use of the Internet of Things (IoT) has increased exponentially, and cybersecurity concerns have increased along with it. On the cutting edge of cybersecurity is Artificial Intelligence (AI), which is used for the development of complex algorithms to protect networks and systems, including IoT systems. However, cyber-attackers have figured out how to exploit AI and have even begun to use adversarial AI in order to carry out cybersecurity attacks. This review paper compiles information from several other surveys and research papers regarding IoT, AI, and attacks with and against AI and explores the relationship between these three topics with the purpose of comprehensively presenting and summarizing relevant literature in these fields
Deep Learning for Network Traffic Monitoring and Analysis (NTMA): A Survey
Modern communication systems and networks, e.g., Internet of Things (IoT) and cellular networks, generate a massive and heterogeneous amount of traffic data. In such networks, the traditional network management techniques for monitoring and data analytics face some challenges and issues, e.g., accuracy, and effective processing of big data in a real-time fashion. Moreover, the pattern of network traffic, especially in cellular networks, shows very complex behavior because of various factors, such as device mobility and network heterogeneity. Deep learning has been efficiently employed to facilitate analytics and knowledge discovery in big data systems to recognize hidden and complex patterns. Motivated by these successes, researchers in the field of networking apply deep learning models for Network Traffic Monitoring and Analysis (NTMA) applications, e.g., traffic classification and prediction. This paper provides a comprehensive review on applications of deep learning in NTMA. We first provide fundamental background relevant to our review. Then, we give an insight into the confluence of deep learning and NTMA, and review deep learning techniques proposed for NTMA applications. Finally, we discuss key challenges, open issues, and future research directions for using deep learning in NTMA applications.publishedVersio
- …