点对点僵尸网络：探索行为特征和基于机器/深度学习的检测

IF 2.5 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS

EURASIP Journal on Information Security Pub Date : 2024-05-27 DOI:10.1186/s13635-024-00169-0

Arkan Hammoodi Hasan Kabla, Achmad Husni Thamrin, Mohammed Anbar, Selvakumar Manickam, Shankar Karuppayah

{"title":"点对点僵尸网络：探索行为特征和基于机器/深度学习的检测","authors":"Arkan Hammoodi Hasan Kabla, Achmad Husni Thamrin, Mohammed Anbar, Selvakumar Manickam, Shankar Karuppayah","doi":"10.1186/s13635-024-00169-0","DOIUrl":null,"url":null,"abstract":"The orientation of emerging technologies on the Internet is moving toward decentralisation. Botnets have always been one of the biggest threats to Internet security, and botmasters have adopted the robust concept of decentralisation to develop and improve peer-to-peer botnet tactics. This makes the botnets cleverer and more artful, although bots under the same botnet have symmetrical behaviour, which is what makes them detectable. However, the literature indicates that the last decade has lacked research that explores new behavioural characteristics that could be used to identify peer-to-peer botnets. For the abovementioned reasons, in this study, we propose new two methods to detect peer-to-peer botnets: first, we explored a new set of behavioural characteristics based on network traffic flow analyses that allow network administrators to more easily recognise a botnet’s presence, and second, we developed a new anomaly detection approach by adopting machine-learning and deep-learning techniques that have not yet been leveraged to detect peer-to-peer botnets using only the five-tuple static indicators as selected features. The experimental analyses revealed new and important behavioural characteristics that can be used to identify peer-to-peer botnets, whereas the experimental results for the detection approach showed a high detection accuracy of 99.99% with no false alarms. ","PeriodicalId":46070,"journal":{"name":"EURASIP Journal on Information Security","volume":"90 1","pages":""},"PeriodicalIF":2.5000,"publicationDate":"2024-05-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Peer-to-peer botnets: exploring behavioural characteristics and machine/deep learning-based detection\",\"authors\":\"Arkan Hammoodi Hasan Kabla, Achmad Husni Thamrin, Mohammed Anbar, Selvakumar Manickam, Shankar Karuppayah\",\"doi\":\"10.1186/s13635-024-00169-0\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The orientation of emerging technologies on the Internet is moving toward decentralisation. Botnets have always been one of the biggest threats to Internet security, and botmasters have adopted the robust concept of decentralisation to develop and improve peer-to-peer botnet tactics. This makes the botnets cleverer and more artful, although bots under the same botnet have symmetrical behaviour, which is what makes them detectable. However, the literature indicates that the last decade has lacked research that explores new behavioural characteristics that could be used to identify peer-to-peer botnets. For the abovementioned reasons, in this study, we propose new two methods to detect peer-to-peer botnets: first, we explored a new set of behavioural characteristics based on network traffic flow analyses that allow network administrators to more easily recognise a botnet’s presence, and second, we developed a new anomaly detection approach by adopting machine-learning and deep-learning techniques that have not yet been leveraged to detect peer-to-peer botnets using only the five-tuple static indicators as selected features. The experimental analyses revealed new and important behavioural characteristics that can be used to identify peer-to-peer botnets, whereas the experimental results for the detection approach showed a high detection accuracy of 99.99% with no false alarms. \",\"PeriodicalId\":46070,\"journal\":{\"name\":\"EURASIP Journal on Information Security\",\"volume\":\"90 1\",\"pages\":\"\"},\"PeriodicalIF\":2.5000,\"publicationDate\":\"2024-05-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"EURASIP Journal on Information Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1186/s13635-024-00169-0\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"EURASIP Journal on Information Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1186/s13635-024-00169-0","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

互联网新兴技术的发展方向是去中心化。僵尸网络一直是互联网安全的最大威胁之一，僵尸网络管理员采用了去中心化这一强大的概念来开发和改进点对点僵尸网络战术。尽管同一僵尸网络下的僵尸具有对称行为，这也是它们能够被检测到的原因，但这使得僵尸网络变得更加聪明和巧妙。然而，文献表明，过去十年中缺乏对可用于识别点对点僵尸网络的新行为特征的研究。基于上述原因，在本研究中，我们提出了两种新的方法来检测点对点僵尸网络：首先，我们基于网络流量分析探索了一组新的行为特征，使网络管理员能够更容易地识别僵尸网络的存在；其次，我们开发了一种新的异常检测方法，采用机器学习和深度学习技术来检测点对点僵尸网络。实验分析揭示了可用于识别点对点僵尸网络的新的重要行为特征，而检测方法的实验结果显示其检测准确率高达 99.99%，且无误报。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Peer-to-peer botnets: exploring behavioural characteristics and machine/deep learning-based detection

The orientation of emerging technologies on the Internet is moving toward decentralisation. Botnets have always been one of the biggest threats to Internet security, and botmasters have adopted the robust concept of decentralisation to develop and improve peer-to-peer botnet tactics. This makes the botnets cleverer and more artful, although bots under the same botnet have symmetrical behaviour, which is what makes them detectable. However, the literature indicates that the last decade has lacked research that explores new behavioural characteristics that could be used to identify peer-to-peer botnets. For the abovementioned reasons, in this study, we propose new two methods to detect peer-to-peer botnets: first, we explored a new set of behavioural characteristics based on network traffic flow analyses that allow network administrators to more easily recognise a botnet’s presence, and second, we developed a new anomaly detection approach by adopting machine-learning and deep-learning techniques that have not yet been leveraged to detect peer-to-peer botnets using only the five-tuple static indicators as selected features. The experimental analyses revealed new and important behavioural characteristics that can be used to identify peer-to-peer botnets, whereas the experimental results for the detection approach showed a high detection accuracy of 99.99% with no false alarms.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

EURASIP Journal on Information Security COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

8.80

自引率

0.00%

发文量

审稿时长

13 weeks

期刊介绍： The overall goal of the EURASIP Journal on Information Security, sponsored by the European Association for Signal Processing (EURASIP), is to bring together researchers and practitioners dealing with the general field of information security, with a particular emphasis on the use of signal processing tools in adversarial environments. As such, it addresses all works whereby security is achieved through a combination of techniques from cryptography, computer security, machine learning and multimedia signal processing. Application domains lie, for example, in secure storage, retrieval and tracking of multimedia data, secure outsourcing of computations, forgery detection of multimedia data, or secure use of biometrics. The journal also welcomes survey papers that give the reader a gentle introduction to one of the topics covered as well as papers that report large-scale experimental evaluations of existing techniques. Pure cryptographic papers are outside the scope of the journal. Topics relevant to the journal include, but are not limited to: • Multimedia security primitives (such digital watermarking, perceptual hashing, multimedia authentictaion) • Steganography and Steganalysis • Fingerprinting and traitor tracing • Joint signal processing and encryption, signal processing in the encrypted domain, applied cryptography • Biometrics (fusion, multimodal biometrics, protocols, security issues) • Digital forensics • Multimedia signal processing approaches tailored towards adversarial environments • Machine learning in adversarial environments • Digital Rights Management • Network security (such as physical layer security, intrusion detection) • Hardware security, Physical Unclonable Functions • Privacy-Enhancing Technologies for multimedia data • Private data analysis, security in outsourced computations, cloud privacy