Online detection of Botnets on Network Flows using Stream Mining
Abstract
The threat posed by botnets of infecting a large number of devices and using them together to perform several malicious actions has become a growing issue for Internet security. One way to deal with it is to have methods able to correctly identify those botnets and then run the necessary countermeasures. Many approaches using machine learning (ML) have been proposed over the years to cope with botnet detection. Nonetheless, the algorithms commonly employed cannot adapt to new data without significant effort. In this sense, an ML research topic referred to as stream mining may be a solution. Stream mining algorithms are specially tailored to learn incrementally from new instances, without consuming significant memory or time. This work proposes an approach using the Very Fast Decision Tree, a classification algorithm used in stream mining that can learn incrementally when needed, to identify botnets by observing network flows. When evaluating the approach on multiple scenarios with different botnets, we were able to achieve high performance metrics in the majority of scenarios, while using a significantly low number of labelled instances.
COSTA, Victor G. Turrisi da; ZARPELÃO, Bruno Bogaz; MIANI, Rodrigo Sanches; JUNIOR, Sylvio Barbon. Online detection of Botnets on Network Flows using Stream Mining. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 2018. Anais do XXXVI Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos. Porto Alegre: Sociedade Brasileira de Computação, May 2018. ISSN 2177-9384.
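The mechanism that lets the Very Fast Decision Tree commit to a split after seeing only part of the flow stream is the Hoeffding bound; the illustration below is added here and is not the paper's code or data. A single leaf accumulates per-feature class counts over a constructed stream of coarse flow records (the feature names, bins, and the botnet/normal mix are assumptions) and splits once the information-gain gap between its two best features exceeds the bound.

```python
import math
from collections import Counter, defaultdict

def constructed_stream(n_per_class=200):
    # Constructed interleaved stream (not the paper's data): botnet = small TCP flows, normal = mixed.
    stream = []
    for i in range(n_per_class):
        stream.append(({"proto": "tcp", "size": "small", "dur": "short" if i % 5 else "long"}, "botnet"))
        stream.append(({"proto": "tcp" if i % 2 else "udp",
                        "size": "small" if i % 10 == 0 else "large",
                        "dur": "long" if i % 4 else "short"}, "normal"))
    return stream

def hoeffding_bound(r, delta, n):
    # True mean of a range-r quantity is within this epsilon of the n-sample mean w.p. 1 - delta.
    return math.sqrt(r * r * math.log(1.0 / delta) / (2.0 * n))

def entropy(counts):
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values() if c)

class HoeffdingLeaf:
    # One VFDT leaf: only per-(feature, value, class) counts are kept, never the raw flows.
    def __init__(self):
        self.n, self.class_counts = 0, Counter()
        self.stats = defaultdict(lambda: defaultdict(Counter))
    def observe(self, flow, label):
        self.n += 1
        self.class_counts[label] += 1
        for feature, value in flow.items():
            self.stats[feature][value][label] += 1
    def info_gain(self, feature):
        cond = sum(sum(c.values()) / self.n * entropy(c)
                   for c in self.stats[feature].values())
        return entropy(self.class_counts) - cond
    def best_split(self, delta=1e-7, tie=0.05):
        # Split when the gap between the two best gains beats the bound (R = 1 for 2-class gain) or eps < tie.
        gains = sorted(((self.info_gain(f), f) for f in self.stats), reverse=True)
        eps = hoeffding_bound(1.0, delta, self.n)
        (g1, f1), (g2, _) = gains[0], gains[1]
        return f1 if (g1 - g2 > eps or eps < tie) else None

def first_split(stream, delta=1e-7, grace=50):
    # Feed flows one at a time; every `grace` flows ask the leaf whether it may split yet.
    leaf = HoeffdingLeaf()
    for seen, (flow, label) in enumerate(stream, 1):
        leaf.observe(flow, label)
        if seen % grace == 0 and (feature := leaf.best_split(delta)):
            return feature, seen
    return None, leaf.n
```

Because the leaf keeps only counts, memory stays bounded regardless of how many flows pass, which is the property the abstract relies on for incremental learning.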