DETECTING WEB-BASED BOTNETS USING A WEB PROXY AND A CONVOLUTIONAL NEURAL NETWORK

Trần Đắc Tốt, Phạm Tuấn Khiêm, Phạm Nguyễn Huy Phương

Abstract


Botnets are increasingly becoming the most dangerous threats in the field of network security, and many different approaches to detecting attacks from botnets have been studied. Whatever approach is used, the evolution of the botnet's nature and the set of defined rules for detecting botnets can affect the performance of botnet detection systems. In this paper, we propose a general family of architectures that uses a convolutional neural network group to transform the raw characteristics provided by network flow recording and analysis tools into higher-level features, then conducts a (binary) class to assess whether a flow corresponds to a botnet attack. We experimented on the CTU-13 dataset using different configurations of the convolutional neural network to evaluate the potential of deep learning on the botnet detection problem. In particular, we propose a botnet detection system that uses a web proxy. This technique can be helpful in implementing a low-cost, but highly effective botnet detection system.


Keywords


AntiBotDDOS; Botnet; Botnet detection; Convolutional Neural Network; Web proxy.

References


Argus. (n.d.). Retrieved from https://openargus.org/.

Celik, Z. B., Raghuram, J., Kesidis, G., & Miller, A. J. (2011). Salting public traces with attack traffic to test flow classifiers. Paper presented at The USENIX 4th CSET Workshop, California, USA.

Garcia, S., Grill, M., Stiborek, H., & Zunino, A. (2014). An empirical comparison of botnet detection methods. Computers and Security Journal, 45, 100-123.

Gu, G., Porras, P., Yegneswaran, V., Fong, M., & Lee, W. (2007). BotHunter: Detecting malware infection through ids-driven dialog correlation. Paper presented at The 16th USENIX Security Symposium, Massachusetts, USA.

Haddadi, F., Le, C. D., Porter, L., & Zincir-Heywood, A. N. (2015). On the effectiveness of different botnet detection approaches. In J. Lopez & Y. Wu (Eds), Information security practice and experience (pp. 121-135). Berlin, German: Springer Publishing.

Haddadi, F., Phan, D. T., & Zincir-Heywood, A. N. (2016). How to choose from different botnet detection systems? Istanbul, Turkey: Institute of Electrical and Electronics Engineers Publishing.

Haddadi, F., & Zincir-Heywood, A. N. (2014). Benchmarking the effect of flow exporters and protocol filters on botnet traffic classification. IEEE Systems Journal, 10(4), 1390-1401.

Maji. (n.d.). Retrieved from https://research.wand.net.nz/software/maji.php.

Netmate. (n.d.). Retrieved from https://github.com/DanielArndt/netmate-flowcalc.

Softflowd. (n.d.). Retrieved from http://www.mindrot.org/projects/softflowd.

Snort. (n.d.). Retrieved from Snort: https://www.snort.org.

Tranalyzer. (n.d.). Retrieved from https://tranalyzer.com/.

Wang, K., Huang, C., & Lin, S. (2011). A fuzzy pattern-based filtering algorithm for botnet detection. Computer Networks, 55, 3275-3286.

Wurzinger, P., Bilge, L., Holz, T., Goebel, J., Kruegel, C., & Kirda, E. (2009). Automatically generating models for botnet detection. In M. Backers & P. Ning (Eds), Computer science–ESORICS (pp. 232-249). Berlin, German: Springer Publishing.

YAF. (n.d.). Retrieved from https://tools.netsa.cert.org/yaf/index.html.

Zhao, D., Traore, I., Ghorbani, A., Sayed, B., Saad, S., & Lu, W. (2012). Peer to peer botnet detection based on flow intervals. In D. Gritzalis, S. Furnell, & M. Theoharidou (Eds), Information security and privacy research (IFIP Advances in Information and Communication Technology) (pp. 87-102). Berlin, German: Springer Publishing.




DOI: http://dx.doi.org/10.37569/DalatUniversity.10.3.652(2020)

Refbacks

  • There are currently no refbacks.


Copyright (c) 2020 Trần Đắc Tốt, Phạm Tuấn Khiêm, Phạm Nguyễn Huy Phương.

License URL: https://creativecommons.org/licenses/by-nc/4.0/
Editorial Office of DLU Journal of Science
Room.15, A25 Building, 01 Phu Dong Thien Vuong Street, Dalat, Lamdong
Email: tapchikhoahoc@dlu.edu.vn - Phone: (+84) 263 3 555 131

Creative Commons License
Based on Open Journal Systems
Developed by Information Technology Department