A System for Unsupervised and Online Botnet Detection

  • Bruno Henrique Schwengber UFPR
  • Michele Nogueira UFPR

Abstract


Networks of bots (a.k.a. botnets) are a threat to network security due to their dynamic nature, causing damage to companies and users by supporting attacks (e.g., Denial of Service – DoS) and the theft of personal data. Detecting botnets is a challenge, since the infected devices (bots) are widely spread across different geographic locations and remain hidden among everyday devices. Techniques presented in the literature usually ignore the fast changes in the statistical distribution of the data and detect botnets over a static window. These changes are known as concept drifts, and they make classification models obsolete. Hence, this work presents TRUSTED, a system for online and unsupervised botnet detection that is aware of concept drifts. Unlike other works, TRUSTED applies concept drift awareness to optimize learning for botnet detection in an online and unsupervised environment. Results show the feasibility of TRUSTED in detecting botnets using concept drift identification, reaching 87% accuracy.

Published
2020-10-13
SCHWENGBER, Bruno Henrique; NOGUEIRA, Michele. Um Sistema para Detecção Não Supervisionada e Online de Botnets. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 20., 2020, Petrópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 313-326. DOI: https://doi.org/10.5753/sbseg.2020.19246.
