Botnet Detection Based on Flow Summary and Graph Sampling with Machine Learning

Chun Long, Xisheng Xiao, Wei Wan, Jing Zhao, Jinxia Wei, Guanyao Du

2021 International Conference on Computer Engineering and Application (ICCEA), published 2021-06-01. DOI: 10.1109/ICCEA53728.2021.00068 (https://doi.org/10.1109/ICCEA53728.2021.00068)

Abstract
With the development of botnets, detecting and preventing botnet attacks has become an important task in network security research. Existing works rarely consider timing patterns in botnets, and thus are not effective in realistic botnet detection, nor can they detect unknown botnets. To address these problems, this paper proposes a botnet detection method based on flow summaries and graph sampling, using machine learning algorithms. First, the network flow data is aggregated by source host IP, and flow summary records are generated for each time window. Meanwhile, graph sampling is used to obtain a subset of the entire graph, yielding 4 graph features that are added to the flow summary records. Afterwards, decision tree, random forest and XGBoost classification models are built to validate the performance of the method. Experimental results on the Bot-IoT and CTU-13 datasets show that the proposed method can effectively detect botnet traffic and unknown botnets.