Early Identification of Botnets through Machine Learning
Abstract
Spam sending, theft of personal data and denial-of-service attacks are examples of actions that result from exploiting vulnerabilities in insecure Internet-connected devices. The constant evolution of attacks, the growth in the number of vulnerable devices brought by the Internet of Things (IoT) and the high cost of the resulting damage reinforce the need to anticipate the activity of networks of infected devices (bots) that generate these attacks. In this context, machine learning algorithms are relevant for identifying such networks, since they offer adaptability and can process massive amounts of data. This work presents the ANTE system (from the Portuguese identificação ANTecipada de botnEts, early identification of botnets), which is based on machine learning algorithms. We instantiate the system and compare the results obtained in different scenarios and over different data, namely the CTU-13 (scenarios 10 and 11), CICDDoS2019, ISOT HTTP Botnet, CAIDA DDoS Attack 2007 and CSE-CIC-IDS2018 datasets. Although the system instances are able to identify the bots, no single instance is able to handle all scenarios.
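The abstract's closing finding, that a classifier instance which identifies bots in one scenario does not carry over to all of them, can be reproduced in miniature. The block below is an added example and is not code from the ANTE system or its authors: it trains a plain-Python Gaussian naive Bayes classifier on per-host flow features from one constructed "scenario" whose bots behave like spam or C&C clients (small packets, many destinations, short flows), then evaluates it both on held-out data from that scenario and on a second constructed scenario whose bots behave like flood sources (large packets, one target, very short flows). Every feature distribution, scenario name and sample is an assumption made up for the example; none of the numbers come from CTU-13, CICDDoS2019 or any other dataset named above.

```python
"""Cross-scenario evaluation of a flow-feature bot classifier.

Added example, not code from the ANTE paper. The feature distributions
are constructed to resemble two different bot behaviours; they are not
measurements from any real dataset.
"""
import math
import random

# Per-host flow features: (mean packet size in bytes,
# distinct destinations contacted per minute, mean flow duration in s).
# Each entry is (mean, std) per feature. All values are constructed.
SCENARIOS = {
    # Scenario A: spam/C&C-like bots - small packets, many destinations, short flows
    "A_spam_like": {
        "benign": ((800, 150), (5, 2), (30, 10)),
        "bot":    ((300, 50), (60, 10), (2, 1)),
    },
    # Scenario B: flood-like bots - large packets, one or two targets, very short flows
    "B_flood_like": {
        "benign": ((800, 150), (5, 2), (30, 10)),
        "bot":    ((1200, 100), (3, 1), (0.5, 0.2)),
    },
}


def sample_scenario(name, n_per_class, seed):
    """Draw labelled (features, label) pairs for one scenario; label 1 = bot."""
    rng = random.Random(seed)
    data = []
    for label, cls in ((0, "benign"), (1, "bot")):
        for _ in range(n_per_class):
            # Clamp at a small positive value: sizes, rates and durations cannot be negative.
            feats = tuple(max(0.01, rng.gauss(mu, sd)) for mu, sd in SCENARIOS[name][cls])
            data.append((feats, label))
    rng.shuffle(data)
    return data


class GaussianNB:
    """Minimal Gaussian naive Bayes: per-class mean and std for each feature."""

    def fit(self, data):
        self.params = {}
        self.priors = {}
        for label in (0, 1):
            rows = [f for f, y in data if y == label]
            self.priors[label] = math.log(len(rows) / len(data))
            self.params[label] = []
            for col in zip(*rows):
                mu = sum(col) / len(col)
                sd = (sum((v - mu) ** 2 for v in col) / len(col)) ** 0.5
                self.params[label].append((mu, max(sd, 1e-6)))  # guard against zero variance
        return self

    def _log_likelihood(self, feats, label):
        ll = self.priors[label]
        for x, (mu, sd) in zip(feats, self.params[label]):
            ll += -0.5 * ((x - mu) / sd) ** 2 - math.log(sd) - 0.5 * math.log(2 * math.pi)
        return ll

    def predict(self, feats):
        return max((0, 1), key=lambda lbl: self._log_likelihood(feats, lbl))


def evaluate(model, data):
    """Return (accuracy, bot recall) of the model on labelled data."""
    correct = bots = bots_hit = 0
    for feats, y in data:
        pred = model.predict(feats)
        correct += pred == y
        if y == 1:
            bots += 1
            bots_hit += pred == 1
    return correct / len(data), bots_hit / bots


def cross_scenario_report(train="A_spam_like", other="B_flood_like"):
    """Train on one scenario; report (accuracy, bot recall) on it and on the other."""
    model = GaussianNB().fit(sample_scenario(train, 200, seed=1))
    return {
        train: evaluate(model, sample_scenario(train, 200, seed=2)),
        other: evaluate(model, sample_scenario(other, 200, seed=3)),
    }


if __name__ == "__main__":
    for name, (acc, recall) in cross_scenario_report().items():
        print(f"{name}: accuracy={acc:.2f} bot_recall={recall:.2f}")
```

On the in-scenario test set the classifier separates bots from benign hosts essentially perfectly, while on the flood-like scenario its bot recall collapses: the large-packet, single-target profile of those bots sits far closer to the learned benign distribution than to the learned bot distribution, so they are labelled benign. Benign hosts are still recognised, which is why overall accuracy on the second scenario hovers around one half rather than dropping to zero. This is the practical reason a detector must be re-instantiated or re-trained per scenario rather than deployed once for every kind of botnet.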