DETECTING WEB-BASED BOTNETS USING A WEB PROXY AND A CONVOLUTIONAL NEURAL NETWORK

Authors

  • Trần Đắc Tốt The Faculty of Information Technology, Ho Chi Minh City University of Food Industry, Viet Nam
  • Phạm Tuấn Khiêm The Faculty of Information Technology, Ho Chi Minh City University of Food Industry, Viet Nam
  • Phạm Nguyễn Huy Phương The Faculty of Information Technology, Ho Chi Minh City University of Food Industry, Viet Nam

DOI:

https://doi.org/10.37569/DalatUniversity.10.3.652(2020)

Keywords:

AntiBotDDOS, Botnet, Botnet detection, Convolutional Neural Network, Web proxy.

Abstract

Botnets are increasingly becoming the most dangerous threats in the field of network security, and many different approaches to detecting attacks from botnets have been studied. Whatever approach is used, the evolution of the botnet's nature and the set of defined rules for detecting botnets can affect the performance of botnet detection systems. In this paper, we propose a general family of architectures that uses a convolutional neural network group to transform the raw characteristics provided by network flow recording and analysis tools into higher-level features, then conducts a (binary) class to assess whether a flow corresponds to a botnet attack. We experimented on the CTU-13 dataset using different configurations of the convolutional neural network to evaluate the potential of deep learning on the botnet detection problem. In particular, we propose a botnet detection system that uses a web proxy. This technique can be helpful in implementing a low-cost, but highly effective botnet detection system.

Downloads

Download data is not yet available.

References

Argus. (n.d.). Retrieved from https://openargus.org/.

Celik, Z. B., Raghuram, J., Kesidis, G., & Miller, A. J. (2011). Salting public traces with attack traffic to test flow classifiers. Paper presented at The USENIX 4th CSET Workshop, California, USA.

Garcia, S., Grill, M., Stiborek, H., & Zunino, A. (2014). An empirical comparison of botnet detection methods. Computers and Security Journal, 45, 100-123.

Gu, G., Porras, P., Yegneswaran, V., Fong, M., & Lee, W. (2007). BotHunter: Detecting malware infection through ids-driven dialog correlation. Paper presented at The 16th USENIX Security Symposium, Massachusetts, USA.

Haddadi, F., Le, C. D., Porter, L., & Zincir-Heywood, A. N. (2015). On the effectiveness of different botnet detection approaches. In J. Lopez & Y. Wu (Eds), Information security practice and experience (pp. 121-135). Berlin, German: Springer Publishing.

Haddadi, F., Phan, D. T., & Zincir-Heywood, A. N. (2016). How to choose from different botnet detection systems? Istanbul, Turkey: Institute of Electrical and Electronics Engineers Publishing.

Haddadi, F., & Zincir-Heywood, A. N. (2014). Benchmarking the effect of flow exporters and protocol filters on botnet traffic classification. IEEE Systems Journal, 10(4), 1390-1401.

Maji. (n.d.). Retrieved from https://research.wand.net.nz/software/maji.php.

Netmate. (n.d.). Retrieved from https://github.com/DanielArndt/netmate-flowcalc.

Softflowd. (n.d.). Retrieved from http://www.mindrot.org/projects/softflowd.

Snort. (n.d.). Retrieved from Snort: https://www.snort.org.

Tranalyzer. (n.d.). Retrieved from https://tranalyzer.com/.

Wang, K., Huang, C., & Lin, S. (2011). A fuzzy pattern-based filtering algorithm for botnet detection. Computer Networks, 55, 3275-3286.

Wurzinger, P., Bilge, L., Holz, T., Goebel, J., Kruegel, C., & Kirda, E. (2009). Automatically generating models for botnet detection. In M. Backers & P. Ning (Eds), Computer science–ESORICS (pp. 232-249). Berlin, German: Springer Publishing.

YAF. (n.d.). Retrieved from https://tools.netsa.cert.org/yaf/index.html.

Zhao, D., Traore, I., Ghorbani, A., Sayed, B., Saad, S., & Lu, W. (2012). Peer to peer botnet detection based on flow intervals. In D. Gritzalis, S. Furnell, & M. Theoharidou (Eds), Information security and privacy research (IFIP Advances in Information and Communication Technology) (pp. 87-102). Berlin, German: Springer Publishing.

Published

30-09-2020

Volume and Issues

Section

Natural Sciences and Technology

How to Cite

Tốt, T. Đắc, Khiêm, P. T., & Phương, P. N. H. (2020). DETECTING WEB-BASED BOTNETS USING A WEB PROXY AND A CONVOLUTIONAL NEURAL NETWORK. Dalat University Journal of Science, 10(3), 3-24. https://doi.org/10.37569/DalatUniversity.10.3.652(2020)