{"title":"Detecting IRC-based Botnets by Network Traffic Analysis Through Machine Learning","authors":"Xue Jun Li, M. Ma, Yi Lin Yen","doi":"10.1109/ITNAC46935.2019.9077964","DOIUrl":null,"url":null,"abstract":"Cybersecurity becomes increasingly important as information and communications technology (ICT) is adopted throughout the world. Cyber attacks can happen both externally and internally. With the majority of cyber attacks being executed by insiders, it is important to detect insider attacks and even prevent them. This paper studies how to apply machine learning in analyzing network traffic to detect insider attacks, particularly in the area of botnet detection. Unlike existing work, which considered two types of Hypertext Transfer Protocol (HTTP)-based botnets, we consider two types of popular Internet Relay Chat (IRC)-based botnets. With selected flow characteristics, experimental results show that the proposed detection model can achieve a true positive rate of over 96%, with a false positive rate of less than 5%.","PeriodicalId":407514,"journal":{"name":"2019 29th International Telecommunication Networks and Applications Conference (ITNAC)","volume":"464 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 29th International Telecommunication Networks and Applications Conference (ITNAC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ITNAC46935.2019.9077964","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Detecting IRC-based Botnets by Network Traffic Analysis Through Machine Learning
Cybersecurity becomes increasingly important as information and communications technology (ICT) is adopted throughout the world. Cyber attacks can happen both externally and internally. With the majority of cyber attacks being executed by insiders, it is important to detect insider attacks and even prevent them. This paper studies how to apply machine learning in analyzing network traffic to detect insider attacks, particularly in the area of botnet detection. Unlike existing work, which considered two types of Hypertext Transfer Protocol (HTTP)-based botnets, we consider two types of popular Internet Relay Chat (IRC)-based botnets. With selected flow characteristics, experimental results show that the proposed detection model can achieve a true positive rate of over 96%, with a false positive rate of less than 5%.