Botnet Detection Based on Flow Summary and Graph Sampling with Machine Learning

Chun Long, Xisheng Xiao, Wei Wan, Jing Zhao, Jinxia Wei, Guanyao Du
DOI: 10.1109/ICCEA53728.2021.00068
Published in: 2021 International Conference on Computer Engineering and Application (ICCEA), June 2021
Citations: 1

Abstract

With the development of botnets, detecting and preventing botnet attacks has become an important task of network security research. Existing works rarely consider timing patterns in botnets, and thus are not effective in realistic botnet detection, nor can they detect unknown botnets. To deal with these problems, this paper proposes a botnet detection method based on flow summaries and graph sampling, using machine learning algorithms. Firstly, the network flow data is aggregated according to the source host IPs, and flow summary records are generated within a time window. Meanwhile, we use graph sampling to obtain a subset of the entire graph, from which 4 graph features are derived and added to the flow summary records. Afterwards, decision tree, random forest and XGBoost classification models are built to validate the performance of our method. The experimental results on the Bot-IoT and CTU-13 datasets show that the proposed method can effectively detect botnet traffic and unknown botnets.