BOTNET DETECTION USING INDEPENDENT COMPONENT ANALYSIS
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F62690094%3A18450%2F22%3A50018937" target="_blank" >RIV/62690094:18450/22:50018937 - isvavai.cz</a>
Výsledek na webu
<a href="https://journals.iium.edu.my/ejournal/index.php/iiumej/article/view/1789" target="_blank" >https://journals.iium.edu.my/ejournal/index.php/iiumej/article/view/1789</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.31436/IIUMEJ.V23I1.1789" target="_blank" >10.31436/IIUMEJ.V23I1.1789</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
BOTNET DETECTION USING INDEPENDENT COMPONENT ANALYSIS
Popis výsledku v původním jazyce
Botnet is a significant cyber threat that continues to evolve. Botmasters continue to improve the security framework strategy for botnets to go undetected. Newer botnet source code runs attack detection every second, and each attack demonstrates the difficulty and robustness of monitoring the botnet. In the conventional network botnet detection model that uses signature-analysis, the patterns of a botnet concealment strategy such as encryption & polymorphic and the shift in structure from centralized to decentralized peer-to-peer structure, generate challenges. Behavior analysis seems to be a promising approach for solving these problems because it does not rely on analyzing the network traffic payload. Other than that, to predict novel types of botnet, a detection model should be developed. This study focuses on using flow-based behavior analysis to detect novel botnets, necessary due to the difficulties of detecting existing patterns in a botnet that continues to modify the signature in concealment strategy. This study also recommends introducing Independent Component Analysis (ICA) and data pre-processing standardization to increase data quality before classification. With and without ICA implementation, we compared the percentage of significant features. Through the experiment, we found that the results produced from ICA show significant improvements. The highest F-score was 83% for Neris bot. The average F-score for a novel botnet sample was 74%. Through the feature importance test, the feature importance increased from 22% to 27%, and the training model false positive rate also decreased from 1.8% to 1.7%. © 2022. IIUM Engineering Journal. All Rights Reserved.
Název v anglickém jazyce
BOTNET DETECTION USING INDEPENDENT COMPONENT ANALYSIS
Popis výsledku anglicky
Botnet is a significant cyber threat that continues to evolve. Botmasters continue to improve the security framework strategy for botnets to go undetected. Newer botnet source code runs attack detection every second, and each attack demonstrates the difficulty and robustness of monitoring the botnet. In the conventional network botnet detection model that uses signature-analysis, the patterns of a botnet concealment strategy such as encryption & polymorphic and the shift in structure from centralized to decentralized peer-to-peer structure, generate challenges. Behavior analysis seems to be a promising approach for solving these problems because it does not rely on analyzing the network traffic payload. Other than that, to predict novel types of botnet, a detection model should be developed. This study focuses on using flow-based behavior analysis to detect novel botnets, necessary due to the difficulties of detecting existing patterns in a botnet that continues to modify the signature in concealment strategy. This study also recommends introducing Independent Component Analysis (ICA) and data pre-processing standardization to increase data quality before classification. With and without ICA implementation, we compared the percentage of significant features. Through the experiment, we found that the results produced from ICA show significant improvements. The highest F-score was 83% for Neris bot. The average F-score for a novel botnet sample was 74%. Through the feature importance test, the feature importance increased from 22% to 27%, and the training model false positive rate also decreased from 1.8% to 1.7%. © 2022. IIUM Engineering Journal. All Rights Reserved.
Klasifikace
Druh
J<sub>imp</sub> - Článek v periodiku v databázi Web of Science
CEP obor
—
OECD FORD obor
21101 - Food and beverages
Návaznosti výsledku
Projekt
—
Návaznosti
S - Specificky vyzkum na vysokych skolach
Ostatní
Rok uplatnění
2022
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název periodika
IIUM Engineering Journal
ISSN
1511-788X
e-ISSN
2289-7860
Svazek periodika
23
Číslo periodika v rámci svazku
1
Stát vydavatele periodika
MY - Malajsie
Počet stran výsledku
21
Strana od-do
95-115
Kód UT WoS článku
000744151300007
EID výsledku v databázi Scopus
2-s2.0-85123264706