A method for detecting botnets in IT infrastructure using a neural network
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F25840886%3A_____%2F24%3AN0000008" target="_blank" >RIV/25840886:_____/24:N0000008 - isvavai.cz</a>
Result on the web
<a href="https://ceur-ws.org/Vol-3736/paper21.pdf" target="_blank" >https://ceur-ws.org/Vol-3736/paper21.pdf</a>
DOI - Digital Object Identifier
—
Alternative languages
Result language
English
Title in the original language
A method for detecting botnets in IT infrastructure using a neural network
Result description in the original language
Information technology has become an integral part of modern life, but with this come new cyber threats. One of them is botnets—networks of infected computers that criminals use for DDoS attacks, data theft, and spam distribution. Traditional detection methods, such as signature analysis and rule-based approaches, often fail to handle these threats, necessitating the implementation of advanced methods. This article presents a botnet detection method in IT infrastructure based on the use of neural networks. The proposed approach involves creating a baseline configuration of the IT infrastructure by a system administrator for further training of neural networks to detect botnet attacks. Experiments conducted on four types of botnets (DDoS, spam, data theft, and cryptocurrency mining) demonstrated high accuracy and efficiency of the system. The method achieved 96% accuracy in detecting DDoS attacks, 93% in detecting spam botnets, 95% in detecting data theft botnets, and 94% in detecting cryptocurrency mining botnets. The use of a genetic algorithm for training neural networks improved detection efficiency. The method demonstrates high detection speed, with an average time of less than one second. Thus, the developed method is an effective tool for ensuring the security of IT infrastructure, confirming the relevance of using neural networks and machine learning for cybersecurity. Further research is aimed at improving the adaptability of neural networks and reducing the computational resources required for model parameter optimization.
Title in English
A method for detecting botnets in IT infrastructure using a neural network
Result description in English
Information technology has become an integral part of modern life, but with this come new cyber threats. One of them is botnets—networks of infected computers that criminals use for DDoS attacks, data theft, and spam distribution. Traditional detection methods, such as signature analysis and rule-based approaches, often fail to handle these threats, necessitating the implementation of advanced methods. This article presents a botnet detection method in IT infrastructure based on the use of neural networks. The proposed approach involves creating a baseline configuration of the IT infrastructure by a system administrator for further training of neural networks to detect botnet attacks. Experiments conducted on four types of botnets (DDoS, spam, data theft, and cryptocurrency mining) demonstrated high accuracy and efficiency of the system. The method achieved 96% accuracy in detecting DDoS attacks, 93% in detecting spam botnets, 95% in detecting data theft botnets, and 94% in detecting cryptocurrency mining botnets. The use of a genetic algorithm for training neural networks improved detection efficiency. The method demonstrates high detection speed, with an average time of less than one second. Thus, the developed method is an effective tool for ensuring the security of IT infrastructure, confirming the relevance of using neural networks and machine learning for cybersecurity. Further research is aimed at improving the adaptability of neural networks and reducing the computational resources required for model parameter optimization.
Classification
Type
D - Article in proceedings
CEP field
—
OECD FORD field
20202 - Communication engineering and systems
Result linkages
Project
—
Linkages
N - Research activity supported from non-public sources
Other
Year of implementation
2024
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Title of the article in the proceedings
ICyberPhyS-2024: 1st International Workshop on Intelligent & CyberPhysical Systems
ISBN
—
ISSN
1613-0073
e-ISSN
—
Number of pages of the result
11
Pages from-to
282-292
Publisher name
CEUR
Place of publication
Khmelnytskyi, Ukraine
Event location
Khmelnytskyi, Ukraine
Event date
28. 6. 2024
Event type by nationality
EUR - European event
UT WoS code of the article
—