DETECTING WEB-BASED BOTNETS USING A WEB PROXY AND A CONVOLUTIONAL NEURAL NETWORK
Keywords:AntiBotDDOS, Botnet, Botnet detection, Convolutional Neural Network, Web proxy.
Botnets are increasingly becoming the most dangerous threats in the field of network security, and many different approaches to detecting attacks from botnets have been studied. Whatever approach is used, the evolution of the botnet's nature and the set of defined rules for detecting botnets can affect the performance of botnet detection systems. In this paper, we propose a general family of architectures that uses a convolutional neural network group to transform the raw characteristics provided by network flow recording and analysis tools into higher-level features, then conducts a (binary) class to assess whether a flow corresponds to a botnet attack. We experimented on the CTU-13 dataset using different configurations of the convolutional neural network to evaluate the potential of deep learning on the botnet detection problem. In particular, we propose a botnet detection system that uses a web proxy. This technique can be helpful in implementing a low-cost, but highly effective botnet detection system.
Argus. (n.d.). Retrieved from https://openargus.org/.
Celik, Z. B., Raghuram, J., Kesidis, G., & Miller, A. J. (2011). Salting public traces with attack traffic to test flow classifiers. Paper presented at The USENIX 4th CSET Workshop, California, USA.
Garcia, S., Grill, M., Stiborek, H., & Zunino, A. (2014). An empirical comparison of botnet detection methods. Computers and Security Journal, 45, 100-123.
Gu, G., Porras, P., Yegneswaran, V., Fong, M., & Lee, W. (2007). BotHunter: Detecting malware infection through ids-driven dialog correlation. Paper presented at The 16th USENIX Security Symposium, Massachusetts, USA.
Haddadi, F., Le, C. D., Porter, L., & Zincir-Heywood, A. N. (2015). On the effectiveness of different botnet detection approaches. In J. Lopez & Y. Wu (Eds), Information security practice and experience (pp. 121-135). Berlin, German: Springer Publishing.
Haddadi, F., Phan, D. T., & Zincir-Heywood, A. N. (2016). How to choose from different botnet detection systems? Istanbul, Turkey: Institute of Electrical and Electronics Engineers Publishing.
Haddadi, F., & Zincir-Heywood, A. N. (2014). Benchmarking the effect of flow exporters and protocol filters on botnet traffic classification. IEEE Systems Journal, 10(4), 1390-1401.
Maji. (n.d.). Retrieved from https://research.wand.net.nz/software/maji.php.
Netmate. (n.d.). Retrieved from https://github.com/DanielArndt/netmate-flowcalc.
Softflowd. (n.d.). Retrieved from http://www.mindrot.org/projects/softflowd.
Snort. (n.d.). Retrieved from Snort: https://www.snort.org.
Tranalyzer. (n.d.). Retrieved from https://tranalyzer.com/.
Wang, K., Huang, C., & Lin, S. (2011). A fuzzy pattern-based filtering algorithm for botnet detection. Computer Networks, 55, 3275-3286.
Wurzinger, P., Bilge, L., Holz, T., Goebel, J., Kruegel, C., & Kirda, E. (2009). Automatically generating models for botnet detection. In M. Backers & P. Ning (Eds), Computer science–ESORICS (pp. 232-249). Berlin, German: Springer Publishing.
YAF. (n.d.). Retrieved from https://tools.netsa.cert.org/yaf/index.html.
Zhao, D., Traore, I., Ghorbani, A., Sayed, B., Saad, S., & Lu, W. (2012). Peer to peer botnet detection based on flow intervals. In D. Gritzalis, S. Furnell, & M. Theoharidou (Eds), Information security and privacy research (IFIP Advances in Information and Communication Technology) (pp. 87-102). Berlin, German: Springer Publishing.
Volume and Issues
Copyright & License
Copyright (c) 2020 Trần Đắc Tốt, Phạm Tuấn Khiêm, Phạm Nguyễn Huy Phương.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.