4,164 results on '"botnet"'
Search Results
2. A hybrid DGA DefenseNet for detecting DGA domain names based on FastText and deep learning techniques
- Author
- Chen, Jiann-Liang, Qiu, Jian-Fu, and Chen, Yu-Hung
- Published
- 2025
- Full Text
- View/download PDF
3. Botnet Defense System: A System to Fight Botnets with Botnets
- Author
- Yamaguchi, Shingo, Jajodia, Sushil, Series Editor, Samarati, Pierangela, Series Editor, Lopez, Javier, Series Editor, Vaidya, Jaideep, Series Editor, Gritzalis, Dimitris, editor, Choo, Kim-Kwang Raymond, editor, and Patsakis, Constantinos, editor
- Published
- 2025
- Full Text
- View/download PDF
4. BotNet Attack Detection Using MALO-Based XGBoost Model in IoT Environment
- Author
- Alzubi, Omar A., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Fortino, Giancarlo, editor, Kumar, Akshi, editor, Swaroop, Abhishek, editor, and Shukla, Pancham, editor
- Published
- 2025
- Full Text
- View/download PDF
5. A Botnet Detection Method Based on Graph Reconstruction and Subgraph Mining.
- Author
- 景永俊, 吴悔, 陈旭, and 宋吉飞
- Published
- 2025
- Full Text
- View/download PDF
6. GrMA-CNN: Integrating Spatial-Spectral Layers with Modified Attention for Botnet Detection Using Graph Convolution for Securing Networks.
- Author
- G., Mohan H., Kumar, Jalesh, and M., Nandish
- Subjects
- CONVOLUTIONAL neural networks, BOTNETS, PRINCIPAL components analysis, FEATURE selection, INTERNET of things, FRAUD
- Abstract
Network botnet attacks have been increasing rapidly because of the widespread use of interconnected Internet of Things (IoT) devices. These devices can be used for many malicious actions, such as phishing, fraud, data theft, and distributed computing attacks against IoT networks. The traditional methods of botnet detection fail to capture the relationships between network nodes that exhibit coordinated behavior. In this paper, we introduce a novel Graph-based Modified Attention with Convolutional Neural Network (GrMA-CNN) for the effective detection of botnet attacks. The novelty of GrMA-CNN lies in its integration of spectral and spatial layers within a Graph Convolutional Network (GCN). It combines the GCN with a modified attention mechanism to effectively capture relationships and coordinated behaviours among IoT devices in graph-structured data. The approach extracts features from network flow traffic using hybrid feature selection techniques, which include mutual information, correlation analysis, and principal component analysis. The extracted features are then processed through a GCN, with spectral and spatial layers that operate directly on graph-structured data. In this context, each IoT device and its associated features are represented as nodes, while the relationships between these devices are modelled as edges in the graph. The robustness of the model is verified on different datasets, such as N-BaIoT, BoT-IoT, CTU-13, and CICIDS. The proposed model obtained an accuracy of 99.1% on N-BaIoT, 99.2% on BoT-IoT, 99.15% on CTU-13, and 99.3% on CICIDS datasets. Further, the model has achieved an average precision of 98.82%, a recall of 99.02%, and an F1-score of 98.51%. The performance comparison demonstrates that the proposed model outperforms state-of-the-art botnet detection methods, including DNN, SGDC, WCC, and IHHO-NN, with a high detection rate. [ABSTRACT FROM AUTHOR]
- Published
- 2025
- Full Text
- View/download PDF
7. Blood Cell Target Detection Based on Improved YOLOv5 Algorithm.
- Author
- Song, Xuan and Tang, Hongyan
- Subjects
- DETECTION algorithms, BLOOD cells, CELLULAR recognition, HUMAN body, BLOOD grouping & crossmatching
- Abstract
In the medical field, blood analysis is a key method used to evaluate the health status of the human body. The types and number of blood cells serve as important criteria for doctors to diagnose and treat diseases. In view of the problems regarding difficult classification and low efficiency in blood cell detection, this paper proposes an improved YOLOv5-BS blood cell target detection algorithm. The purpose of the improvement is to enhance the real-time performance and accuracy of blood cell type recognition. The algorithm is based on YOLOv5s as the basic network, incorporating the advantages of both CNN and Transformer architectures. First, the BotNet backbone network is incorporated. Then the YOLOv5 head architecture is replaced with the Decoupled Head structure. Finally, a new loss function SIoU is used to improve the accuracy and efficiency of the model. To detect the feasibility of the algorithm, a comparative experiment was conducted. The experiment shows that the improved algorithm has an accuracy of 92.8% on the test set, an average precision of 83.3%, and a recall rate of 99%. Compared with YOLOv8s and PP-YOLO, the average precision is increased by 3.9% and 1%, and the recall rate is increased by 3% and 2%. This algorithm effectively improves the efficiency and accuracy of blood cell detection and effectively improves the problem of blood cell detection. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
8. DGA Domain Detection Based on Transformer and Rapid Selective Kernel Network.
- Author
- Tang, Jisheng, Guan, Yiling, Zhao, Shenghui, Wang, Huibin, and Chen, Yinong
- Subjects
- TRANSFORMER models, COMPUTER network security, COMPUTATIONAL complexity, SECURITY systems, ALGORITHMS, BOTNETS
- Abstract
Botnets pose a significant challenge in network security by leveraging Domain Generation Algorithms (DGA) to evade traditional security measures. Extracting DGA domain samples is inherently complex, and the current DGA detection models often struggle to capture domain features effectively when facing limited training data. This limitation results in suboptimal detection performance and an imbalance between model accuracy and complexity. To address these challenges, this paper introduces a novel multi-scale feature fusion model that integrates the Transformer architecture with the Rapid Selective Kernel Network (R-SKNet). The proposed model employs the Transformer's encoder to couple the single-domain character elements with the multiple types of relationships within the global domain block. This paper proposes integrating R-SKNet into DGA detection and developing an efficient channel attention (ECA) module. By enhancing the branch information guidance in the SKNet architecture, the approach achieves adaptive receptive field selection, multi-scale feature capture, and lightweight yet efficient multi-scale convolution. Moreover, the improved Feature Pyramid Network (FPN) architecture, termed EFAM, is utilized to adjust channel weights for outputs at different stages of the backbone network, leading to achieving multi-scale feature fusion. Experimental results demonstrate that, in tasks with limited training samples, the proposed method achieves lower computational complexity and higher detection accuracy compared to mainstream detection models. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
9. Detection and Classification of Network Traffic in Bot Network Using Deep Learning.
- Author
- Srinarayani, K., Padmavathi, B., Datchanamoorthy, Kavitha, Saraswathi, T., Maheswari, S., and Vincy, R. Fatima
- Subjects
- LONG short-term memory, COMPUTER network traffic, CONVOLUTIONAL neural networks, COMPUTER networks, DEEP learning, BOTNETS
- Abstract
One of the most dangerous threats to computer networks is the use of botnets, which can seriously harm systems and steal private data. They are remote-controlled networks of compromised computers that an individual or group of individuals is using for malicious purposes. These infected computers are frequently called "bots" or "zombies". A wide variety of malicious activities, including the distribution of malware and credential theft, can be carried out using botnets. The CTU-13 dataset is a collection of network traffic information that includes examples of various botnet types. Using this, our study compares the abilities of decision trees, random forests, 1D convolutional neural networks, and a proposed system based on long short-term memory and residual neural networks to detect botnets. According to our findings, the suggested system performs better than every other algorithm, achieving a higher accuracy rate. Our suggested system has the ability to precisely identify botnet traffic patterns, which can assist organisations in proactively preventing botnet attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
10. Enhanced DDoS Detection Using Advanced Machine Learning and Ensemble Techniques in Software Defined Networking.
- Author
- Butt, Hira Akhtar, Harthy, Khoula Said Al, Shah, Mumtaz Ali, Hussain, Mudassar, Amin, Rashid, and Rehman, Mujeeb Ur
- Subjects
- DENIAL of service attacks, MACHINE learning, SOFTWARE-defined networking, FEATURE selection, K-nearest neighbor classification
- Abstract
Detecting sophisticated cyberattacks, mainly Distributed Denial of Service (DDoS) attacks, with unexpected patterns remains challenging in modern networks. Traditional detection systems often struggle to mitigate such attacks in conventional and software-defined networking (SDN) environments. While Machine Learning (ML) models can distinguish between benign and malicious traffic, their limited feature scope hinders the detection of new zero-day or low-rate DDoS attacks requiring frequent retraining. In this paper, we propose a novel DDoS detection framework that combines Machine Learning (ML) and Ensemble Learning (EL) techniques to improve DDoS attack detection and mitigation in SDN environments. Our model leverages the "DDoS SDN" dataset for training and evaluation and employs a dynamic feature selection mechanism that enhances detection accuracy by focusing on the most relevant features. This adaptive approach addresses the limitations of conventional ML models and provides more accurate detection of various DDoS attack scenarios. Our proposed ensemble model introduces an additional layer of detection, increasing reliability through the innovative application of ensemble techniques. The proposed solution significantly enhances the model's ability to identify and respond to dynamic threats in SDNs. It provides a strong foundation for proactive DDoS detection and mitigation, enhancing network defenses against evolving threats. Our comprehensive runtime analysis of Simultaneous Multi-Threading (SMT) on identical configurations shows superior accuracy and efficiency, with significantly reduced computational time, making it ideal for real-time DDoS detection in dynamic, rapidly changing SDNs. Experimental results demonstrate that our model achieves outstanding performance, outperforming traditional algorithms with 99% accuracy using Random Forest (RF) and K-Nearest Neighbors (KNN) and 98% accuracy using XGBoost. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
11. Intelligent botnet detection in IoT networks using parallel CNN‐LSTM fusion.
- Author
- Jiang, Rongrong, Weng, Zhengqiu, Shi, Lili, Weng, Erxuan, Li, Hongmei, Wang, Weiqiang, Zhu, Tiantian, and Li, Wuzhao
- Subjects
- TRAFFIC monitoring, INDUSTRIAL controls manufacturing, DATA integrity, BOTNETS, PARALLEL processing, DEEP learning
- Abstract
Summary: With the development of the Internet of Things (IoT), the number of terminal devices is rapidly growing and, at the same time, their security is facing serious challenges. For industrial control systems, there are challenges in detecting and preventing botnets. Traditional detection methods focus on capturing and reverse analyzing the botnet programs first and then parsing the extracted features from the malicious code or attacks. However, their accuracy is very low and their latency is relatively high. Moreover, they sometimes cannot even recognize unknown botnets. The machine learning-based detection methods rely on manual feature engineering and have weak generalization. The deep learning-based methods mostly rely on the system log, which does not take into account multisource information such as traffic. To address the above issues, from the perspective of the botnet features, this paper proposes an intelligent detection method over parallel CNN-LSTM, integrating the spatial and temporal features to identify botnets. Experiments demonstrate that the accuracy, recall, and F1-score of our proposed method achieve up to over 98%, and the precision, 97.8%, is not the highest but reasonable. It reveals that, compared with the existing state-of-the-art methods, our proposed method outperforms in botnet detection. Our methodology's strength lies in its ability to harness the multifaceted information present in IoT traffic, offering a more nuanced and comprehensive analysis. The parallel CNN-LSTM architecture ensures that spatial and temporal data are processed concurrently, preserving the integrity of the information and enabling a more robust detection mechanism. The result is a detection system that not only performs exceptionally well in a controlled environment but also holds promise for real-world application, where the rapid and accurate identification of botnets is paramount. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
12. Deep Learning-Based Intrusion Detection System for Detecting IoT Botnet Attacks: A Review
- Author
- Tamara Al-Shurbaji, Mohammed Anbar, Selvakumar Manickam, Iznan H Hasbullah, Nadia Alfriehat, Basim Ahmad Alabsi, Ahmad Reda Alzighaibi, and Hasan Hashim
- Subjects
- Intrusion detection system (IDS), botnet, deep learning, Internet of Things (IoT), IoT Botnet, neural networks, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
- Abstract
The proliferation of Internet of Things (IoT) devices has brought about an increased threat of botnet attacks, necessitating robust security measures. In response to this evolving landscape, deep learning (DL)-based intrusion detection systems (IDS) have emerged as a promising approach for detecting and mitigating botnet activities in IoT environments. Therefore, this paper thoroughly reviews existing literature on botnet detection in the IoT using DL-based IDS. It consolidates and analyzes a wide range of research papers, highlighting key findings, methodologies, advancements, shortcomings, and challenges in the field. Additionally, we performed a qualitative comparison with existing surveys using author-defined metrics to underscore the uniqueness of this survey. We also discuss challenges, limitations, and future research directions, emphasizing the distinctive contributions of our review. Ultimately, this survey serves as a guideline for future researchers, contributing to the advancement of botnet detection methods in IoT environments and enhancing security against botnet threats.
- Published
- 2025
- Full Text
- View/download PDF
13. IoT Security: Botnet Detection Using Self-Organizing Feature Map and Machine Learning
- Author
- Susanto, Deris Stiawan, Budi Santoso, Alex Onesimus Sidabutar, M. Agus Syamsul Arifin, Mohd Yazid Idris, and Rahmat Budiarto
- Subjects
- botnet, iot, feature engineering, sofm, machine learning, Systems engineering, TA168, Information technology, T58.5-58.64
- Abstract
The rapid advancement of Internet of Things (IoT) technology has created potential for progress in various aspects of life. However, the increasing number of IoT devices also raises the risk of cyberattacks, particularly IoT botnets often exploited by attackers. This is largely due to the limitations of IoT devices, such as constraints in capacity, power, and memory, necessitating an efficient detection system. This study aims to develop a resource-efficient botnet detection system by using the Self-Organizing Feature Map (SOFM) dimensionality reduction method in combination with machine learning algorithms. The proposed method includes a feature engineering process using SOFM to address high-dimensional data, followed by classification with various machine learning algorithms. The experiments evaluate performance based on accuracy, sensitivity, specificity, False Positive Rate (FPR), and False Negative Rate (FNR). Results show that the Decision Tree algorithm achieved the highest accuracy rate of 97.24%, with a sensitivity of 0.9523, specificity of 0.9932, and a fast execution time of 100.66 seconds. The use of SOFM successfully reduced memory consumption from 3.08 GB to 923MB. Experimental results indicate that this approach is effective for enhancing IoT security in resource-constrained devices.
- Published
- 2024
- Full Text
- View/download PDF
14. Uit-DGAdetector: detect domains generated by algorithms using machine learning.
- Author
- Cam, Nguyen Tan and Man, Nguyen Ngoc
- Subjects
- INFORMATION technology, INFORMATION technology security, COMPUTER network security, INFORMATION networks, MACHINE learning, BOTNETS
- Abstract
Recent developments in information technology have brought numerous benefits but have also created risks for information security. One notable threat is the domain generated by the algorithm (DGA) technique used by botnets, which allows them to automatically generate and register multiple domains to evade detection and control from network security systems. To address this issue, we conducted research on a domain classification model specific to botnet-generated domains. We developed three domain classification models: bigrams, long short-term memory networks (LSTM), and a combination of LSTM and one-hot encoding. In this study, we implemented an ensemble model using a domain classification system, named UIT-DGADetector. To optimize the system, we employed Kafka to queue and streamline the requests, thereby reducing the load on the classification server. The deployed system operates well and achieves a high accuracy rate in predicting the domain types. However, this model still has limitations in predicting Word-based DGA botnets. The process must be optimized to reduce the waiting time in the queue. This study aims to contribute to network security and information protection, particularly by addressing the issue of DGA botnets. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
15. Robust Botnet Detection Approach for Known and Unknown Attacks in IoT Networks Using Stacked Multi-classifier and Adaptive Thresholding.
- Author
- Krishnan, Deepa and Shrinath, Pravin
- Subjects
- INTERNET of things, VECTOR quantization, THRESHOLDING algorithms
- Abstract
The detection of security attacks holds significant importance in IoT networks, primarily due to the escalating number of interconnected devices and the sensitive nature of the transmitted data. This paper introduces a novel methodology designed to identify both known and unknown attacks within IoT networks. For the identification of known attacks, our proposed approach employs a stacked multi-classifier trained with classwise features. To address the challenge of highly imbalanced classes without resorting to resampling, we utilize the Localized Generalized Matrix Learning Vector Quantization (LGMLVQ) approach to select the most relevant features for each class. The efficacy of this model is evaluated using the widely recognized NF-BoT-IoT dataset, demonstrating an impressive accuracy score of 99.9952%. The proposed study also focuses on detecting unseen attacks leveraging a shallow autoencoder, employing the technique of reconstruction error thresholding. The efficiency of this approach is evaluated using benchmark datasets, namely NF-ToN-IoT and NF-CSE-CIC-IDS 2018. The model's performance on previously unseen samples is noteworthy, with an average accuracy, precision, recall and F1-Score of 93.715%, 99.955%, 90.865% and 95.145%, respectively. The proposed work presents significant contributions to IoT security by proposing a comprehensive solution with demonstrated performance in detecting both known and unknown attacks in the context of imbalanced data. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
16. Implementation of White-Hat Worms Using Mirai Source Code and Its Optimization through Parameter Tuning.
- Author
- Yamamoto, Yudai, Fukushima, Aoi, and Yamaguchi, Shingo
- Subjects
- DENIAL of service attacks, SOURCE code, WORMS, MALWARE, INTERNET of things, BOTNETS
- Abstract
Mirai, an IoT malware that emerged in 2016, has been used for large-scale DDoS attacks. The Mirai source code is publicly available and continues to be a threat with a variety of variants still in existence. In this paper, we propose an implementation system for malicious and white-hat worms created using the Mirai source code, as well as a general and detailed implementation method for white-hat worms that is not limited to the Mirai source code. The white-hat worms have the function of a secondary infection, in which the white-hat worm disinfects the malicious worm by infecting devices already infected by the malicious worm, and two parameters, the values of which can be changed to modify the rate at which the white-hat worms can spread their infection. The values of the parameters of the best white-hat worm for disinfection of the malicious botnet and the impact of the value of each parameter on the disinfection of the malicious botnet were analyzed in detail. The analysis revealed that for a white-hat worm to disinfect a malicious botnet, it must be able to infect at least 80% of all devices and maintain that situation for at least 300 s. Then, by tuning and optimizing the values of the white-hat worm's parameters, we were able to successfully eliminate the malicious botnet, demonstrating the effectiveness of the white-hat botnet's function of eliminating the malicious botnet. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
17. Machine learning and metaheuristic optimization algorithms for feature selection and botnet attack detection
- Author
- Maazalahi, Mahdieh and Hosseini, Soodeh
- Published
- 2025
- Full Text
- View/download PDF
18. A survey on the contribution of ML and DL to the detection and prevention of botnet attacks
- Author
- EL Yamani, Yassine, Baddi, Youssef, and EL Kamoun, Najib
- Published
- 2024
- Full Text
- View/download PDF
19. Securing IoT Networks from DDoS Attacks Using a Temporary Dynamic IP Strategy.
- Author
- El Fawal, Ahmad Hani, Mansour, Ali, Ammad Uddin, Mohammad, and Nasser, Abbass
- Subjects
- DENIAL of service attacks, ARTIFICIAL intelligence, INTERNET of things, SECURITY systems, INTERNET protocols, DATA analysis
- Abstract
The progression of the Internet of Things (IoT) has brought about a complete transformation in the way we interact with the physical world. However, this transformation has brought with it a slew of challenges. The advent of intelligent machines that can not only gather data for analysis and decision-making, but also learn and make independent decisions has been a breakthrough. However, the low-cost requirement of IoT devices requires the use of limited resources in processing and storage, which typically leads to a lack of security measures. Consequently, most IoT devices are susceptible to security breaches, turning them into "Bots" that are used in Distributed Denial of Service (DDoS) attacks. In this paper, we propose a new strategy labeled "Temporary Dynamic IP" (TDIP), which offers effective protection against DDoS attacks. The TDIP solution rotates Internet Protocol (IP) addresses frequently, creating a significant deterrent to potential attackers. By maintaining an "IP lease-time" that is short enough to prevent unauthorized access, TDIP enhances overall system security. Our testing, conducted via OMNET++, demonstrated that TDIP was highly effective in preventing DDoS attacks and, at the same time, improving network efficiency and IoT network protection. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
20. Systematic Literature Review of IoT Botnet DDOS Attacks and Evaluation of Detection Techniques.
- Author
- Gelgi, Metehan, Guan, Yueting, Arunachala, Sanjay, Samba Siva Rao, Maddi, and Dragoni, Nicola
- Subjects
- BOTNETS, DENIAL of service attacks, INTERNET of things, RESEARCH questions, RESEARCH personnel, OPEN-ended questions
- Abstract
Internet of Things (IoT) technology has become an inevitable part of our daily lives. With the increase in usage of IoT devices, manufacturers continuously develop IoT technology. However, the security of IoT devices is left behind in those developments due to cost, size, and computational power limitations. Since these IoT devices are connected to the Internet and have low security levels, one of the main risks of these devices is being compromised by malicious malware and becoming part of IoT botnets. IoT botnets are used for launching different types of large-scale attacks including Distributed Denial-of-Service (DDoS) attacks. These attacks are continuously evolving, and researchers have conducted numerous analyses and studies in this area to narrow security vulnerabilities. This paper systematically reviews the prominent literature on IoT botnet DDoS attacks and detection techniques. The architecture of IoT botnet DDoS attacks, evaluations of those attacks, and systematically categorized detection techniques are discussed in detail. The paper presents current threats and detection techniques, and some open research questions are recommended for future studies in this field. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
21. Hierarchical Classification of Botnet Using Lightweight CNN.
- Author
- Negera, Worku Gachena, Schwenker, Friedhelm, Feyisa, Degaga Wolde, Debelee, Taye Girma, and Melaku, Henock Mulugeta
- Subjects
- BOTNETS, CLASSIFICATION, DEEP learning
- Abstract
This paper addresses the persistent threat of botnet attacks on IoT devices, emphasizing their continued existence despite various conventional and deep learning methodologies developed for intrusion detection. Utilizing the Bot-IoT dataset, we propose a hierarchical CNN (HCNN) approach featuring three levels of classification. The HCNN approach, presented in this paper, consists of two networks: the non-hierarchical and the hierarchical network. The hierarchical network works by combining features obtained at a higher level with those of its descender. This combined information is subsequently fed into the following level to extract features for the descendant nodes. The overall network consists of 1790 parameters, with the hierarchical network introducing an additional 942 parameters to the existing backbone. The classification levels comprise a binary classification of normal vs attack in the first level, followed by 5 classes in the second level, and 11 classes in the third level. To assess the effectiveness of our proposed approach, we evaluate performance metrics such as Precision (P), Recall (R), F1 Score (F1), and Accuracy (Acc). Rigorous experiments are conducted to compare the performance of both the hierarchical and non-hierarchical models and existing state-of-the-art approaches, providing valuable insights into the efficiency of our proposed hierarchical CNN approach for addressing botnet attacks on IoT devices. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
22. MFA-SGWNN: Botnet Detection Based on a Multi-Feature Aggregation Spectral Graph Wavelet Neural Network.
- Author
- 吴悔, 陈旭, 景永俊, and 王叔洋
- Published
- 2024
- Full Text
- View/download PDF
23. Analysis and Detection of IoT Botnets Using Machine Learning
- Author
- Luck, Benjamin, Prasad, P. W. C., Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Tan, Kay Chen, Series Editor, Mukhopadhyay, Subhas Chandra, editor, Senanayake, S.M. Namal Arosha, editor, and Prasad, P. W. C., editor
- Published
- 2024
- Full Text
- View/download PDF
24. Early Detection of Botnets Using Artificial Intelligence Methods
- Author
- Zelichenok, Igor, Zhernova, Ksenia, Chechulin, Andrey, Vitkova, Lidia, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Kovalev, Sergey, editor, Kotenko, Igor, editor, Sukhanov, Andrey, editor, Li, Yin, editor, and Li, Yao, editor
- Published
- 2024
- Full Text
- View/download PDF
25. Using Applied Machine Learning to Detect Cyber-Security Threats in Industrial IoT Devices
- Author
- Hosseinzadeh, Ali, Shahin, Mohammad, Chen, F. Frank, Maghanaki, Mazdak, Tseng, Tzu-Liang, Rashidifar, Rasoul, Chaari, Fakher, Series Editor, Gherardini, Francesco, Series Editor, Ivanov, Vitalii, Series Editor, Haddar, Mohamed, Series Editor, Cavas-Martínez, Francisco, Editorial Board Member, di Mare, Francesca, Editorial Board Member, Kwon, Young W., Editorial Board Member, Tolio, Tullio A. M., Editorial Board Member, Trojanowska, Justyna, Editorial Board Member, Schmitt, Robert, Editorial Board Member, Xu, Jinyang, Editorial Board Member, Wang, Yi-Chi, editor, Chan, Siu Hang, editor, and Wang, Zih-Huei, editor
- Published
- 2024
- Full Text
- View/download PDF
26. AggNoteBot: A Robust Botnet Building Using Aggressive Cloud Notes
- Author
- Li, Siyu, Liu, Yining, Zhou, Fei, Kang, Yanze, Meng, Weizhi, Goos, Gerhard, Series Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Zhu, Tianqing, editor, and Li, Yannan, editor
- Published
- 2024
- Full Text
- View/download PDF
27. Dumb Devices/Smart Adversaries: Real Threats in Critical Infrastructure
- Author
-
Sewall, Adam, Celebi, Emre, Series Editor, Chen, Jingdong, Series Editor, Gopi, E. S., Series Editor, Neustein, Amy, Series Editor, Liotta, Antonio, Series Editor, Di Mauro, Mario, Series Editor, and McClellan, Stan, editor
- Published
- 2024
- Full Text
- View/download PDF
28. Unmasking the Botnet Attacks: A Hybrid Deep Learning Approach
- Author
-
Nayan, Pranta Nath, Mahajabin, Maisha, Rahman, Abdur, Maisha, Nusrat, Chowdhury, Md. Tanvir, Uddin, Md. Mohsin, Tuhin, Rashedul Amin, Khan, M. Saddam Hossain, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Senjyu, Tomonobu, editor, So-In, Chakchai, editor, and Joshi, Amit, editor
- Published
- 2024
- Full Text
- View/download PDF
29. Kernel Methods for Conformal Prediction to Detect Botnets
- Author
-
Dang, Quang-Vinh, Pham, Thai-Ha, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Sharma, Harish, editor, Chakravorty, Antorweep, editor, Hussain, Shahid, editor, and Kumari, Rajani, editor
- Published
- 2024
- Full Text
- View/download PDF
30. Enhancing DDoS Attack Detection in SDN: A Novel Approach with IG-RFFI Feature Selection
- Author
-
Goud, Konda Srikar, Giduturi, Srinivasa Rao, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Devi, B. Rama, editor, Kumar, Kishore, editor, Raju, M., editor, Raju, K. Srujan, editor, and Sellathurai, Mathini, editor
- Published
- 2024
- Full Text
- View/download PDF
31. An Efficient Real-Time NIDS Using Machine Learning Methods
- Author
-
Goud, Konda Srikar, Shivani, M., Reddy, B. V. S. Selvi, Shravyasree, Ch., Reddy, J. Shreeya, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Pareek, Prakash, editor, Gupta, Nishu, editor, and Reis, M. J. C. S., editor
- Published
- 2024
- Full Text
- View/download PDF
32. IoT Botnet Attacks Detection and Classification Based on Ensemble Learning
- Author
-
Cao, Yongzhong, Wang, Zhihui, Ding, Hongwei, Zhang, Jiale, Li, Bin, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Lu, Huimin, editor, and Cai, Jintong, editor
- Published
- 2024
- Full Text
- View/download PDF
33. CNN-LSTM: A Deep Learning Model to Detect Botnet Attacks in Internet of Things
- Author
-
Kunndra, Chetanya, Choudhary, Arjun, Mathur, Prashant, Pareek, Kapil, Choudhary, Gaurav, Bansal, Jagdish Chand, Series Editor, Deep, Kusum, Series Editor, Nagar, Atulya K., Series Editor, Roy, Bimal Kumar, editor, Chaturvedi, Atul, editor, Tsaban, Boaz, editor, and Hasan, Sartaj Ul, editor
- Published
- 2024
- Full Text
- View/download PDF
34. A threat modeling framework for IoT-Based botnet attacks
- Author
-
Hojun Jin, GyuHyun Jeon, Hee Won Aneka Choi, Seungho Jeon, and Jung Taek Seo
- Subjects
IoT, Botnet, Threat modeling framework, I3TM, Science (General), Q1-390, Social sciences (General), H1-99 - Abstract
Internet of Things (IoT) devices are much closer to users than the personal computers used in traditional computing environments. Due to the prevalence of IoT devices, even if they are compromised and used in attacks, it is difficult to detect and respond to them. Currently, there has been extensive research on threat modeling for cyberattacks. However, there remains a significant gap in research concerning threat modeling for attacks specifically targeting IoT devices within the fifth-generation communication environment. In this paper, we present the IoT Targeting-Threat Modeling (I3TM) framework, established by analyzing botnets that appeared before 2021, such as Mirai, Pink, etc. Through this framework, we identify tactics and techniques to respond to the attacks. Using the identified tactics and techniques from our proposed framework, we can promptly respond to newly detected attacks. We constructed Threat Modeling Framework Keyword-Based Metrics to show the keywords extracted from reports, academic papers, and white papers that identify the features of botnets. We also provide an objective way to apply those keywords to the framework. Our framework is organized to analyze the attack process of botnets that may occur against IoT. The framework derives the execution of each tactic for objective analysis based on keywords. In the validation of the framework, I3TM identified eight Tactics from the Medusa botnet. If applications of the I3TM framework are continuously accumulated, a baseline of similar attack methods and data will be formed. In future research, we plan to append mitigations for attacks targeting IoT to the I3TM framework.
- Published
- 2024
- Full Text
- View/download PDF
35. Improved YOLOv8 for small traffic sign detection under complex environmental conditions
- Author
-
Bin Ji, Jiafeng Xu, Yang Liu, Pengxiang Fan, and Mengli Wang
- Subjects
YOLOv8, Traffic sign detection, BoTNet, ODConv, LSKA, WIoU, Technology - Abstract
We propose an optimized and improved traffic sign detection model based on YOLOv8n, addressing the issues of low accuracy and inaccurate detection, especially in adverse weather conditions, observed in current traditional network models. We leverage existing techniques, including the BoTNet (Bottleneck Transformers for Visual Recognition) module to enhance image classification capabilities, the ODConv (Omni-dimensional Dynamic Convolution) module to supplement attention for improved accuracy, and the LSKA (Large Separable Kernel Attention) module to reduce memory and computational complexity while enhancing small object detection capabilities. Additionally, we employ the WIoU (Wise Intersection over Union) loss function to enhance the model's generalization performance. Without additional preprocessing to simulate adverse weather conditions, our results on the TT100K dataset, including mAP50, mAP95 (mAP is 'mean Average Precision'), and F1, relative to the original YOLOv8n model, show improvements of 3%, 4%, and 2.5% in misty conditions and 1%, 2.6%, and 1.7% in dark conditions, respectively. On the GTSDB dataset, in misty conditions, the improvements are 5%, 4.2%, and 2.3%, and in dark conditions, the improvements are 3%, 6.6%, and 6%. When 30% of the training set is augmented with fog, the detection performance of the improved model is comparable to, or even exceeds, that of the YOLOv8n model trained with the entire fog-augmented training set. This comprehensive result highlights the significant superiority of our model over the comparative model, demonstrating its practical applicability.
- Published
- 2024
- Full Text
- View/download PDF
36. B-CAT: a model for detecting botnet attacks using deep attack behavior analysis on network traffic flows
- Author
-
Muhammad Aidiel Rachman Putra, Tohari Ahmad, and Dandy Pramana Hostiadi
- Subjects
Botnet, Bot detection, Information security, Intrusion detection system, Network infrastructure, Network security, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64, Electronic computers. Computer science, QA75.5-76.95 - Abstract
Threats on computer networks have been increasing rapidly, and irresponsible parties are always trying to exploit vulnerabilities in the network to do various dangerous things. One way to exploit vulnerabilities in a computer network is by employing malware. Botnets are a type of malware that infects and attacks targets in groups. Botnets develop quickly; the characteristics of initially sporadic attacks have grown into periodic and simultaneous ones. This rapid development has proved that the botnet is advanced and requires more attention and proper handling. Many studies have introduced detection models for botnet attack activity on computer networks. Apart from detecting the presence of botnet attacks, those studies have attempted to explore the characteristics of botnets, such as attack intensity, relationships between activities, and time segment analysis. However, there has been no research that explicitly detects those characteristics. On the other hand, each botnet characteristic requires different handling, while recognizing the characteristics of the botnet can help network administrators make appropriate decisions. Based on these reasons, this research builds a detection model that can recognize botnet characteristics using sequential traffic mining and similarity analysis. The proposed method consists of two main processes. The first is training to build a knowledge base, and the second is testing to detect botnet activity and attack characteristics. It involves dynamic thresholds to improve the model's sensitivity in recognizing attack characteristics through similarity analysis. The novelty includes developing and combining analytical techniques of sequential traffic mining, similarity analysis, and dynamic thresholds to detect and recognize the characteristics of botnet attacks explicitly from actual behavior in network traffic. Extensive experiments have been conducted for the evaluation using three different datasets, whose results show better performance than other methods.
- Published
- 2024
- Full Text
- View/download PDF
37. Enhancing energy efficiency and imbalance handling in botnet detection in IoT networks: a multi-stage feature reduction and weighted approach
- Author
-
Krishnan, Deepa and Shrinath, Pravin
- Published
- 2024
- Full Text
- View/download PDF
38. B-CAT: a model for detecting botnet attacks using deep attack behavior analysis on network traffic flows.
- Author
-
Putra, Muhammad Aidiel Rachman, Ahmad, Tohari, and Hostiadi, Dandy Pramana
- Subjects
BOTNETS, COMPUTER network traffic, BEHAVIORAL assessment, COMPUTER networks, TRAFFIC flow, CYBERTERRORISM - Abstract
Threats on computer networks have been increasing rapidly, and irresponsible parties are always trying to exploit vulnerabilities in the network to do various dangerous things. One way to exploit vulnerabilities in a computer network is by employing malware. Botnets are a type of malware that infects and attacks targets in groups. Botnets develop quickly; the characteristics of initially sporadic attacks have grown into periodic and simultaneous ones. This rapid development has proved that the botnet is advanced and requires more attention and proper handling. Many studies have introduced detection models for botnet attack activity on computer networks. Apart from detecting the presence of botnet attacks, those studies have attempted to explore the characteristics of botnets, such as attack intensity, relationships between activities, and time segment analysis. However, there has been no research that explicitly detects those characteristics. On the other hand, each botnet characteristic requires different handling, while recognizing the characteristics of the botnet can help network administrators make appropriate decisions. Based on these reasons, this research builds a detection model that can recognize botnet characteristics using sequential traffic mining and similarity analysis. The proposed method consists of two main processes. The first is training to build a knowledge base, and the second is testing to detect botnet activity and attack characteristics. It involves dynamic thresholds to improve the model's sensitivity in recognizing attack characteristics through similarity analysis. The novelty includes developing and combining analytical techniques of sequential traffic mining, similarity analysis, and dynamic thresholds to detect and recognize the characteristics of botnet attacks explicitly from actual behavior in network traffic. Extensive experiments have been conducted for the evaluation using three different datasets, whose results show better performance than other methods. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
39. Látható barátból láthatatlan ellenség - A kényelem ára. (From Visible Friend to Invisible Enemy: The Price of Convenience.)
- Author
-
BÖCSKEI, Renáta and TÓTH, Levente
- Abstract
Copyright of Hungarian Law Enforcement / Magyar Rendészet is the property of National University of Public Service and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
- Published
- 2024
- Full Text
- View/download PDF
40. Botnet-based IoT network traffic analysis using deep learning.
- Author
-
Singh, N. Joychandra, Hoque, Nazrul, Singh, Kh. Robindro, and Bhattacharyya, Dhruba K.
- Subjects
*COMPUTER network traffic, *DENIAL of service attacks, *DEEP learning, *INTERNET of things - Abstract
IoT networks are increasingly being connected to a wide range of devices, and the number of connected devices has significantly increased in recent years. As a consequence, the number of vulnerabilities in IoT networks has also been increasing tremendously. In IoT networks, a botnet-based Distributed Denial of Service attack is challenging due to its dynamic behavior. The sensors and actuators connected to IoT networks are low-powered and have less memory. Because of their inherent vulnerability, IoT devices can always be compromised by an attacker and be used to form a large botnet. A detailed analysis of IoT botnet attacks is presented in this article, along with statistics and the architectures of the botnet. We also survey the existing literature on IoT botnet traffic analysis and present a taxonomy of attack detection methods. We particularly focus on deep learning-based methods and conduct a comparative study to evaluate their performance on IoT traffic analysis. We identify the current issues and research challenges in this field, and we conclude by highlighting some future research directions. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
41. Examination of Traditional Botnet Detection on IoT-Based Bots.
- Author
-
Woodiss-Field, Ashley, Johnstone, Michael N., and Haskell-Dowland, Paul
- Subjects
*BOTNETS, *COMPUTER network traffic, *COMPUTER network protocols, *INTERNET of things, *COMPUTERS - Abstract
A botnet is a collection of Internet-connected computers that have been suborned and are controlled externally for malicious purposes. Concomitant with the growth of the Internet of Things (IoT), botnets have been expanding to use IoT devices as their attack vectors. IoT devices utilise specific protocols and network topologies distinct from conventional computers that may render detection techniques ineffective on compromised IoT devices. This paper describes experiments involving the acquisition of several traditional botnet detection techniques, BotMiner, BotProbe, and BotHunter, to evaluate their capabilities when applied to IoT-based botnets. Multiple simulation environments, using internally developed network traffic generation software, were created to test these techniques on traditional and IoT-based networks, with multiple scenarios differentiated by the total number of hosts, the total number of infected hosts, the botnet command and control (CnC) type, and the presence of aberrant activity. Externally acquired datasets were also used to further test and validate the capabilities of each botnet detection technique. The results indicated, contrary to expectations, that BotMiner and BotProbe were able to detect IoT-based botnets—though they exhibited certain limitations specific to their operation. The results show that traditional botnet detection techniques are capable of detecting IoT-based botnets and that the different techniques may offer capabilities that complement one another. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
42. Efficient ensemble to combat flash attacks.
- Author
-
C.U, Om Kumar and Sathia Bhama, Ponsy R. K.
- Subjects
*CONVOLUTIONAL neural networks, *DEEP learning, *CONTENT delivery networks, *CLOUD computing, *FEATURE extraction - Abstract
A flash event generates enormous traffic, and cloud service providers use sustaining techniques like scaling and content delivery networks to keep their services up. One of the main bottlenecks that cloud service providers still find difficult to tackle is flash attacks. Illegitimate users send craftily designed packets to land inside the server for wreaking havoc. As a deep learning autoencoder has the potential to detect malicious traffic, it has been used in this research study to develop an ensemble. A convolutional neural network is efficacious in overcoming the issue of overfitting; a deep autoencoder is proficient in extracting features through dimensionality reduction. In order to obtain both of these advantages, it was decided to develop an ensemble keeping a denoising autoencoder as the core element. The process of addressing a flash attack requires first detecting the presence of a bot in malicious traffic, and second studying its nature by observing its behavioral manifestations. Detection of the botnet was achieved by three ensembles, namely DAE_CNN, DAE_MLP, and DAE_XGB. But capturing its externally manifested behavior is challenging, because the bot signatures are always in a state of flux. The simulated empirical study yielded an appreciable outcome. Its accuracy rate was 99.9% for all three models, and the false positive rates were 0, 0.006, and 0.001, respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
43. BotDetector: a system for identifying DGA-based botnet with CNN-LSTM.
- Author
-
Zang, Xiaodong, Cao, Jianbo, Zhang, Xinchang, Gong, Jian, and Li, Guiqing
- Subjects
BOTNETS, REVERSE engineering, COMPUTER network security, MACHINE learning, ALGORITHMS, DEEP learning - Abstract
Botnets are one of the major threats to network security nowadays. To carry out malicious actions remotely, they heavily rely on Command and Control channels. DGA-based botnets use a domain generation algorithm to generate a significant number of domain names. By analyzing the linguistic distinctions between legitimate and DGA-based domain names, traditional machine learning schemes obtain great benefits. However, it is difficult to identify the ones based on wordlists or pseudo-random generation. Accordingly, this paper proposes an efficient CNN-LSTM-based detection model (BotDetector) that uses only a set of simple-to-compute, easy-to-compute character features. We evaluate our model with two open-source benchmark datasets (360 netlab, Bambenek) and real DNS traffic from the China Education and Research Network. Experimental results demonstrate that our algorithm improves by 1.6% in terms of accuracy and F1-score and reduces the computation time by 9.4% compared to other state-of-the-art alternatives. Remarkably, our work can identify a botnet's covert communication channels that use domain names based on word lists or pseudo-random generation without any help from reverse engineering. [ABSTRACT FROM AUTHOR]
- Published
- 2024
- Full Text
- View/download PDF
44. Ensemble classification to predict botnet and its impact on IoT networks
- Author
-
G. Chandana Swathi, G. Kishor Kumar, and A.P. Siva Kumar
- Subjects
IoT networks, Ensemble classification, Botnet, Distributed-Denial of services, ELT-DB, BIE-TFF, Electric apparatus and materials. Electric circuits. Electric networks, TK452-454.4 - Abstract
The IoT (Internet of Things) has been rapidly growing to make a stronger influence on huge industrial systems. Since cybercriminals have made IoT a target for harmful operations such as botnets, an attack on the end nodes is now a possibility. Protecting IoT infrastructure with a typical intrusion detection system is difficult because of its vastness, variety, and minimal resource availability. Harmful "bot sources" (servers) control a botnet, which is made up of hacked devices that are employed for several illicit purposes like sending spam, initiating DoS attacks, and stealing personal data. Because bot sources generate network traffic while conversing with their bots, Intrusion Detection Systems could benefit from analyzing traffic on the network to detect Botnet traffic. DDoS attacks and spam distribution are common uses for botnets. As machine learning (ML) approaches are employed in various niches of security, it appears practical and workable to use ML to detect botnets. ML has been used in various studies to detect botnets. However, the results are either unreliable or limited to certain types of botnets or devices. Current approaches attempt to solve these issues by presenting models that are trained on botnet features, but the large dimensionality of feature values and the reliance on botnet features alone are serious drawbacks. In order to address these constraints, a novel botnet and its impact detection by a typical ensemble classification approach has been proposed by the current work. The framework uses the correlated traffic-flow and botnet features to train the classifier, which is titled "Ensemble Classification to Predict Botnet and its Impact (EC-PBI) on IoT Networks". The experimental study is a cross validation approach that is performed using a multi-label, fourfold strategy. Performance analysis of the proposed approach was done by comparing it with contemporary models. Results prove its efficiency in detecting botnets and their impact.
- Published
- 2024
- Full Text
- View/download PDF
45. Diving Deep With BotLab-DS1: A Novel Ground Truth-Empowered Botnet Dataset
- Author
-
Muhammad Qasim, Muhammad Waleed, Tai-Won Um, Peyman Pahlevani, Jens Myrup Pedersen, and Asif Masood
- Subjects
Cyberspace, botnet, dataset, machine learning, security attacks, Electrical engineering. Electronics. Nuclear engineering, TK1-9971 - Abstract
Cyberspace faces unparalleled threats due to the rapid rise in botnet attacks and their profound repercussions. Utilizing AI-assisted systems emerges as a potent solution for detecting and neutralizing such attacks. Existing research on botnet attack detection revolves around dataset creation, amplifying the detection methods’ efficacy and precision via sophisticated machine learning models, and a behaviour-centric analysis. A discerning review of current datasets reveals their limitations: the obsolescence of some datasets, their limited relevance to certain attack types, and an imperative lack of ground truth. Addressing these gaps, we introduce a ground truth, the BotLab-DS1 dataset, featuring 5,279 real-world active botnet samples spanning 12 botnet families and 3,000 benign instances. This paper’s core is threefold; initially, we delineate a thorough review of existing datasets and their inherent shortcomings. Subsequently, we unfold a holistic data creation strategy and leverage advanced feature engineering methods on static, behavioural, and network-centric attributes. Finally, the research involves training diverse machine learning algorithms using the BotLab-DS1 dataset for enhanced botnet detection. Our empirical findings underline that BotLab-DS1, when paired with the random forest algorithm, attains 98.6% accuracy and 99.0% precision. In contrast, gradient boosting trails closely, registering 96.34% accuracy and 96.0% precision. We believe our study will pioneer new pathways for dataset formulation and algorithmic scrutiny, enriching the research landscape and backing the global initiative to thwart botnet incursions effectively.
- Published
- 2024
- Full Text
- View/download PDF
46. UASDAC: An Unsupervised Adaptive Scalable DDoS Attack Classification in Large-Scale IoT Network Under Concept Drift
- Author
-
Saravanan Selvam and Uma Maheswari Balasubramanian
- Subjects
Attacks, big data, botnet, concept drift, DDoS, IoT, Electrical engineering. Electronics. Nuclear engineering, TK1-9971 - Abstract
Day by day, the number of devices in IoT networks is increasing, and concurrently, the size of botnets in IoT networks is also expanding. Currently, attackers prefer IoT-based botnets to launch DDoS attacks, as IoT devices offer a vast attack surface. Many researchers have proposed machine and deep learning-based classifiers to classify DDoS and benign network traffic in online streams from IoT devices. However, the performance of the traditional machine and deep learning algorithms deteriorates when sudden concept or data drift occurs in the online streams and the volume and velocity of IoT network traffic increases. To address these challenges, we propose UASDAC, an adaptive and scalable data pipeline designed specifically to handle concept drift and detect DDoS traffic in real-time in massive online streams originating from IoT devices. UASDAC incorporates three key components: an online network stream collector for data collection, an online network stream analyzer with an unsupervised drift detector for detecting drift and DDoS traffic, and an online network stream repository for storing streams for future analytics. UASDAC leverages big data technologies to implement all the three components to achieve scalability. Additionally, UASDAC introduces an effective and efficient retraining technique to adapt to novel patterns in online streams in the presence of concept drift. We evaluated the performance of UASDAC in different concept drift scenarios using the benchmark dataset NSL-KDD and the latest IoT dataset IoT23. Our results demonstrate that UASDAC effectively identifies DDoS traffic in the presence of concept drift, achieving an accuracy range of 99.7% to 99.9%.
- Published
- 2024
- Full Text
- View/download PDF
47. BotFence: A Framework for Network-Enriched Botnet Detection and Response With SmartNICs
- Author
-
Hyunmin Seo, Seungwon Shin, and Seungsoo Lee
- Subjects
Botnet, endpoint detection and response, programmable dataplane, network security, Electrical engineering. Electronics. Nuclear engineering, TK1-9971 - Abstract
The scale of botnet attacks is on the rise, yet traditional network security systems are inadequate to effectively respond to these threats, primarily due to high false positive rates and the extensive manpower required for analysis. In contrast, the cutting-edge method of intrusion detection, known as provenance-based analysis, offers a novel paradigm by establishing causality between host events for meticulous examination. Nonetheless, this method faces challenges in analyzing the payload of network packets, where critical attack information resides, due to performance efficiency constraints from packet inspection. To address these challenges, we introduce BotFence, a pioneering approach that integrates payload inspection of network packets with provenance-based analysis to enhance botnet intrusion detection and response. Notably, our system leverages SmartNICs to minimize the impact on network performance. Our system initially gathers and analyzes events within the host system, representing them as Tactics, Techniques, and Procedures (TTP). Concurrently, it collects and scrutinizes the network packets associated with these events, integrating the relationships between these TTPs and the collected network data into a Network-enhanced Threat Provenance Graph (NTPG) model that we devised. Consequently, our system provides a comprehensive security analysis of the network with minimal overhead. Demonstrations with complex attack scenarios show that BotFence successfully identifies and mitigates automated botnet infection in real time, analyzing more than 99.9% of host events in 1 ms, without degrading network performance.
- Published
- 2024
- Full Text
- View/download PDF
48. Detecting Domain Names Generated by DGAs With Low False Positives in Chinese Domain Names
- Author
-
Huiju Lee, Jeong Do Yoo, Seonghoon Jeong, and Huy Kang Kim
- Subjects
Botnet, deep learning, domain generation algorithm, embedding, subword segmentation, Electrical engineering. Electronics. Nuclear engineering, TK1-9971 - Abstract
Attackers are known to utilize domain generation algorithms (DGAs) to generate domain names for command and control (C&C) servers and facilitate the distribution of uniform resource locators within malicious software. DGAs pose a significant threat to cybersecurity owing to their ability to dynamically generate unpredictable domain names. Extensive research is currently underway to detect the domain names created using DGAs. However, the high false positive rates when handling benign domain names in non-English languages pose a challenge. Thus, this study proposes a DGA detection method that effectively embeds non-English domain names to focus on Chinese domain names, which are referred to as domain names composed of Pinyin. The proposed method segments domain names into meaningful subwords for effective vector representation. Consequently, the FastText model learns the context information of the segmented subwords and embeds the domain name. Further, the deep learning-based detection model learns the vectorized domain names and determines whether a particular domain name is DGA-generated. We labeled the Chinese domain names among the benign domain names for our experiment. The experimental results show that the proposed method outperforms existing methods across all performance metrics on the entire test dataset. Notably, the proposed method minimizes the false positive rate, thereby enhancing detection reliability. In addition, it exhibits high performance, achieving a recall of 0.9873 and 0.9886 for Chinese and English domain names, respectively. This demonstrates that the proposed method consistently delivers high performance across various metrics and languages.
- Published
- 2024
- Full Text
- View/download PDF
49. Metric-based learning approach to botnet detection with small samples
- Author
-
Honggang LIN, Junjing ZHU, and Lin CHEN
- Subjects
botnet, traffic detection, few-shot detection, metric learning, Electronic computers. Computer science, QA75.5-76.95 - Abstract
Botnets pose a great threat to the Internet, and early detection is crucial for maintaining cybersecurity. However, in the early stages of botnet discovery, obtaining only a small number of labeled samples restricts the training of current detection models based on deep learning, leading to poor detection results. To address this issue, a botnet detection method called BT-RN, based on metric learning, was proposed for small-sample settings. The task-based meta-learning training strategy was used to optimize the model. A verification set was introduced into the task, and the similarity between the verification sample and the training sample feature representation was measured to quickly accumulate experience, thereby reducing the model's dependence on the labeled sample space. A feature-level attention mechanism was introduced. By calculating the attention coefficients of each dimension in the feature, the feature representation was re-integrated and importance attention was assigned to optimize the feature representation, thereby reducing the feature sparseness of the deep neural network on small samples. The residual network design pattern was introduced, and skip links were used to avoid the risk of model degradation and gradient disappearance caused by the deeper network after adding the feature-level attention mechanism module.
- Published
- 2023
- Full Text
- View/download PDF
50. Abuse of Cloud-Based and Public Legitimate Services as Command-and-Control (C&C) Infrastructure: A Systematic Literature Review
- Author
-
Turki Al lelah, George Theodorakopoulos, Philipp Reinecke, Amir Javed, and Eirini Anthi
- Subjects
botnet, command-and-control C&C, cloud, social network, online service, cyber abuse, Technology (General), T1-995 - Abstract
The widespread adoption of cloud-based and public legitimate services (CPLS) has inadvertently opened up new avenues for cyber attackers to establish covert and resilient command-and-control (C&C) communication channels. This abuse poses a significant cybersecurity threat, as it allows malicious traffic to blend seamlessly with legitimate network activities. Traditional detection systems are proving inadequate in accurately identifying such abuses, emphasizing the urgent need for more advanced detection techniques. In our study, we conducted an extensive systematic literature review (SLR) encompassing the academic and industrial literature from 2008 to July 2023. Our review provides a comprehensive categorization of the attack techniques employed in CPLS abuses and offers a detailed overview of the currently developed detection strategies. Our findings indicate a substantial increase in cloud-based abuses, facilitated by various attack techniques. Despite this alarming trend, the focus on developing detection strategies remains limited, with only 7 out of 91 studies addressing this concern. Our research serves as a comprehensive review of CPLS abuse for the C&C infrastructure. By examining the emerging techniques used in these attacks, we aim to make a significant contribution to the development of effective botnet defense strategies.
- Published
- 2023
- Full Text
- View/download PDF