TENCON2018_botnet_detection_ML.pdf

Automated Botnet Traffic Detection via Machine Learning. Conference paper, October 2018. Author profiles listed: Lilei Zheng, Kwong Wai Watt and Le Su (Institute for Infocomm Research). Related projects listed by the authors: Metric Learning and Siamese Neural Networks; Multimedia Forensics and Data Security. Uploaded by Lilei Zheng on 09 December 2018.

Automated Botnet Traffic Detection via Machine Learning

Fok Kar Wai, Zheng Lilei, Watt Kwong Wai, Su Le, Vrizlynn L. L. Thing
Cyber Security & Intelligence, Institute for Infocomm Research (I2R)
{fokkw, zhengll, wattkw, lsu, vriz}@i2r.a-star.edu.sg

Abstract. Connected machines become more vulnerable to malware infections, which can cause them to be controlled as part of a botnet for cybercrime activities. Prompt detection of infected machines is required for protecting local networks and infrastructure as well as for reducing the impact of botnets. In this paper, we propose the use of machine learning techniques involving multi-layer perceptrons and decision trees on network traffic analysis for the detection of botnet traffic. We enhance components of an existing detection framework with these techniques to automate its processes and improve performance at the same time. Our experiments indicate that the modifications successfully improved the overall performance of botnet traffic detection in both supervised and semi-supervised manners.

I. INTRODUCTION

The connectedness of devices and machines via the network has accelerated the process of malware infection and created the potential for detrimental malicious activities. An infected machine may become part of an existing army of machines known as a botnet, which is controlled by the malware's creator. Botnets are commonly used for cybercrimes such as exfiltration of confidential and valuable data and the launching of network-related attacks against target systems. The continued threat of botnets can be observed in Kaspersky Lab's cyberthreat reports. In its latest report on Distributed Denial-of-Service (DDoS) attacks by botnets for the first quarter of 2018 [1], there was a 297-hour-long sustained DDoS attack, one of the longest in recent years. The detection of anomalous botnet traffic is therefore vital for securing machines in networks, and vast amounts of effort have been put into researching and developing solutions for network anomaly detection. Statistical approaches such as [9], [12] and [10] utilise methods like the sequential probability ratio test and likelihood ratio tests to detect anomalies in aggregate traffic. Clustering-based solutions can be found
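The sequential probability ratio test mentioned above for the statistical approaches is easy to see in working form. The example below is added here and is not code from the paper or from the cited works; it applies Wald's SPRT to a per-host stream of Bernoulli observations, where each observation is 1 if a connection attempt failed or was rejected and 0 otherwise. The connection-state labels (S0, REJ, SF, RSTO), the sample flow records, the hypothesised rates p0 = 0.1 (clean host) and p1 = 0.5 (infected host), and the error bounds alpha = beta = 0.01 are all constructed assumptions for illustration, not values from the paper.

```python
"""Wald's sequential probability ratio test (SPRT) on per-host connection outcomes.

Added illustration of the statistical anomaly-detection idea; not the paper's code.
"""
import math
from typing import Dict, Iterable, List, Tuple

# Constructed convention: a flow whose connection never completed (S0) or was
# rejected (REJ) counts as a "suspicious" observation (1); anything else is 0.
FAILED_STATES = {"S0", "REJ"}


def flows_to_observations(flows: Iterable[Dict[str, object]]) -> List[int]:
    """Map connection records to the 0/1 Bernoulli stream the SPRT consumes."""
    return [1 if f["state"] in FAILED_STATES else 0 for f in flows]


def sprt(observations: Iterable[int], p0: float, p1: float,
         alpha: float, beta: float) -> Tuple[str, int, float]:
    """Run the SPRT over a stream of 0/1 observations.

    H0: P(x = 1) = p0 (host behaves normally), H1: P(x = 1) = p1 (host is infected).
    alpha bounds the false-positive rate, beta bounds the miss rate.
    Returns (decision, number of observations consumed, final log-likelihood ratio).
    The test stops as soon as one threshold is crossed, so it needs few
    observations when the evidence is strong.
    """
    upper = math.log((1 - beta) / alpha)  # accept H1 once the LLR rises above this
    lower = math.log(beta / (1 - alpha))  # accept H0 once the LLR falls below this
    step_hit = math.log(p1 / p0)              # LLR increment for a suspicious flow
    step_miss = math.log((1 - p1) / (1 - p0))  # LLR increment for a normal flow
    llr = 0.0
    n = 0
    for x in observations:
        n += 1
        llr += step_hit if x else step_miss
        if llr >= upper:
            return "infected", n, llr
        if llr <= lower:
            return "clean", n, llr
    return "undecided", n, llr  # stream ended before either bound was reached


def classify_host(flows: Iterable[Dict[str, object]],
                  p0: float = 0.1, p1: float = 0.5,
                  alpha: float = 0.01, beta: float = 0.01) -> Tuple[str, int, float]:
    """Convenience wrapper: flows -> observations -> SPRT decision."""
    return sprt(flows_to_observations(flows), p0, p1, alpha, beta)


# Constructed sample flows (hypothetical hosts and states), not captured data.
SUSPECT_HOST_FLOWS = [
    {"src": "10.0.0.7", "dst": "10.0.1.4", "dport": 445, "state": "S0"},
    {"src": "10.0.0.7", "dst": "10.0.1.5", "dport": 445, "state": "S0"},
    {"src": "10.0.0.7", "dst": "10.0.1.6", "dport": 445, "state": "REJ"},
    {"src": "10.0.0.7", "dst": "10.0.1.9", "dport": 80, "state": "SF"},
    {"src": "10.0.0.7", "dst": "10.0.1.7", "dport": 445, "state": "S0"},
    {"src": "10.0.0.7", "dst": "10.0.1.8", "dport": 445, "state": "S0"},
    {"src": "10.0.0.7", "dst": "10.0.1.10", "dport": 443, "state": "RSTO"},
]
CLEAN_HOST_FLOWS = [
    {"src": "10.0.0.21", "dst": "10.0.2.1", "dport": 443, "state": "SF"}
    for _ in range(10)
]

if __name__ == "__main__":
    for name, flows in (("suspect", SUSPECT_HOST_FLOWS), ("clean", CLEAN_HOST_FLOWS)):
        decision, used, llr = classify_host(flows)
        print(f"{name}: {decision} after {used} flows (LLR={llr:.2f})")
```

With these thresholds (ln(99) ≈ 4.60 on either side) three failed connections in a row are already enough to cross the upper bound, while a run of normal flows needs eight observations to confirm a clean host; lowering alpha or beta widens the bounds and trades detection delay for fewer wrong decisions.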