Detection and prevention system against cyber attacks and botnet malware for information systems and Internet of Things

Ionut Indre, C. Lemnaru
2016 IEEE 12th International Conference on Intelligent Computer Communication and Processing (ICCP), published 2016-09-01
DOI: 10.1109/ICCP.2016.7737142 (https://doi.org/10.1109/ICCP.2016.7737142)
Citation count: 33

Abstract

The explosion of interconnected devices and the Internet of Things has triggered new important challenges in the area of internet security, due to the various device vulnerabilities and increased potential for cyber-attacks. This paper touches on the areas of Cybersecurity, intrusion detection, prevention systems and artificial intelligence. Our aim is to create a system capable of understanding, detecting and preventing malicious connections using applied concepts of machine learning. We emphasize the importance of selecting and extracting features that can lead to an accurate decision of classification for malware and intrusion attacks. We propose a solution that combines features that extract correlations from the packet history for the same and different services and hosts, based on the rate of REJ, SYN and ACK flags and connection states, with HTTP features extracted from URI and RESTful methods. Our proposed solution is able to detect network intrusions and botnet communications with a precision of 98.4% on the binary classification problem.