BOTNET DETECTION USING INDEPENDENT COMPONENT ANALYSIS

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F62690094%3A18450%2F22%3A50018937" target="_blank" >RIV/62690094:18450/22:50018937 - isvavai.cz</a>

Výsledek na webu

<a href="https://journals.iium.edu.my/ejournal/index.php/iiumej/article/view/1789" target="_blank" >https://journals.iium.edu.my/ejournal/index.php/iiumej/article/view/1789</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.31436/IIUMEJ.V23I1.1789" target="_blank" >10.31436/IIUMEJ.V23I1.1789</a>

Jazyk výsledku

angličtina

Název v původním jazyce

BOTNET DETECTION USING INDEPENDENT COMPONENT ANALYSIS

Popis výsledku v původním jazyce

Botnet is a significant cyber threat that continues to evolve. Botmasters continue to improve the security framework strategy for botnets to go undetected. Newer botnet source code runs attack detection every second, and each attack demonstrates the difficulty and robustness of monitoring the botnet. In the conventional network botnet detection model that uses signature-analysis, the patterns of a botnet concealment strategy such as encryption &amp; polymorphic and the shift in structure from centralized to decentralized peer-to-peer structure, generate challenges. Behavior analysis seems to be a promising approach for solving these problems because it does not rely on analyzing the network traffic payload. Other than that, to predict novel types of botnet, a detection model should be developed. This study focuses on using flow-based behavior analysis to detect novel botnets, necessary due to the difficulties of detecting existing patterns in a botnet that continues to modify the signature in concealment strategy. This study also recommends introducing Independent Component Analysis (ICA) and data pre-processing standardization to increase data quality before classification. With and without ICA implementation, we compared the percentage of significant features. Through the experiment, we found that the results produced from ICA show significant improvements. The highest F-score was 83% for Neris bot. The average F-score for a novel botnet sample was 74%. Through the feature importance test, the feature importance increased from 22% to 27%, and the training model false positive rate also decreased from 1.8% to 1.7%. © 2022. IIUM Engineering Journal. All Rights Reserved.

Název v anglickém jazyce

BOTNET DETECTION USING INDEPENDENT COMPONENT ANALYSIS

Popis výsledku anglicky

Botnet is a significant cyber threat that continues to evolve. Botmasters continue to improve the security framework strategy for botnets to go undetected. Newer botnet source code runs attack detection every second, and each attack demonstrates the difficulty and robustness of monitoring the botnet. In the conventional network botnet detection model that uses signature-analysis, the patterns of a botnet concealment strategy such as encryption &amp; polymorphic and the shift in structure from centralized to decentralized peer-to-peer structure, generate challenges. Behavior analysis seems to be a promising approach for solving these problems because it does not rely on analyzing the network traffic payload. Other than that, to predict novel types of botnet, a detection model should be developed. This study focuses on using flow-based behavior analysis to detect novel botnets, necessary due to the difficulties of detecting existing patterns in a botnet that continues to modify the signature in concealment strategy. This study also recommends introducing Independent Component Analysis (ICA) and data pre-processing standardization to increase data quality before classification. With and without ICA implementation, we compared the percentage of significant features. Through the experiment, we found that the results produced from ICA show significant improvements. The highest F-score was 83% for Neris bot. The average F-score for a novel botnet sample was 74%. Through the feature importance test, the feature importance increased from 22% to 27%, and the training model false positive rate also decreased from 1.8% to 1.7%. © 2022. IIUM Engineering Journal. All Rights Reserved.

Druh

J_imp - Článek v periodiku v databázi Web of Science

CEP obor

—

OECD FORD obor

21101 - Food and beverages

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

IIUM Engineering Journal

ISSN

1511-788X

e-ISSN

2289-7860

Svazek periodika

23

Číslo periodika v rámci svazku

1

Stát vydavatele periodika

MY - Malajsie

Počet stran výsledku

21

Strana od-do

95-115

Kód UT WoS článku

000744151300007

EID výsledku v databázi Scopus

2-s2.0-85123264706