BOTNET DETECTION APPROACH BASED ON THE DISTRIBUTED SYSTEMS
Keywords: malware, botnet, botnet detection, distributed systems, attacks, naive Bayes classifier, network security.
Abstract
The paper presents a botnet detection approach for distributed systems. It is based on the developed three-level model, which includes the botnet's components: the command and control center, the control centers, and the basic elements of the botnet (bots). The novel framework provides the ability to detect known and unknown botnets and consists of a host level and a network level. At the host level, the detection procedure is based on Bayes classification. The network level extends the results obtained at the host level to the rest of the local area network. The proposed approach provides for the exchange of the results obtained by the Bayes classification for further use by other program units of the distributed system. The results of the developed classifier show that the representation of botnet samples by classes and subclasses is sufficient for efficient botnet detection. The proposed technique demonstrates promising results for botnet detection in distributed systems.
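The abstract describes two cooperating levels: a host-level Bayes classifier that labels a host by botnet class or subclass, and a network level that collects those verdicts and shares them with the other program units on the LAN. The following is an added illustration of that two-level structure, written for this page and not the authors' own code. The binary host features, the three class labels ("benign", "irc_bot", "http_bot"), the training samples, the 0.9 confidence threshold and the Jaccard-overlap fingerprint check at the network level are all constructed assumptions chosen to make the mechanism concrete.

```python
"""Added example: Bernoulli naive Bayes at the host level, verdict sharing at the
network level. Feature names, labels, samples and thresholds are constructed
assumptions for illustration; none of them come from the paper."""
from collections import Counter, defaultdict
from math import exp, log

# Constructed binary host-level indicators (assumed feature set).
FEATURES = ("periodic_beacon", "dns_fail_burst", "unknown_autostart",
            "outbound_irc_port", "many_unique_dst")


def vec(*on):
    """Build a feature vector with the named indicators switched on."""
    return {f: (f in on) for f in FEATURES}


class BernoulliNB:
    """Naive Bayes over binary features with Laplace (add-one) smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_count = Counter()                 # label -> number of samples
        self.feat_count = defaultdict(Counter)       # label -> feature -> count of ones

    def fit(self, samples):
        for feats, label in samples:
            self.class_count[label] += 1
            for f in FEATURES:
                if feats.get(f, 0):
                    self.feat_count[label][f] += 1
        return self

    def posterior(self, feats):
        """Return P(label | feats) for every label, computed in log space."""
        total = sum(self.class_count.values())
        log_joint = {}
        for label, n in self.class_count.items():
            lp = log(n / total)                      # class prior
            for f in FEATURES:
                p1 = (self.feat_count[label][f] + self.alpha) / (n + 2 * self.alpha)
                lp += log(p1) if feats.get(f, 0) else log(1.0 - p1)
            log_joint[label] = lp
        m = max(log_joint.values())                  # stabilise before exponentiating
        z = sum(exp(v - m) for v in log_joint.values())
        return {label: exp(v - m) / z for label, v in log_joint.items()}


# Constructed training set: classes (benign / bot) with bot subclasses.
TRAINING = [
    (vec(), "benign"), (vec(), "benign"), (vec("many_unique_dst"), "benign"),
    (vec(), "benign"), (vec("dns_fail_burst"), "benign"), (vec(), "benign"),
    (vec("periodic_beacon", "outbound_irc_port", "unknown_autostart"), "irc_bot"),
    (vec("periodic_beacon", "outbound_irc_port", "unknown_autostart"), "irc_bot"),
    (vec("periodic_beacon", "outbound_irc_port", "unknown_autostart"), "irc_bot"),
    (vec("periodic_beacon", "outbound_irc_port"), "irc_bot"),
    (vec("periodic_beacon", "dns_fail_burst", "unknown_autostart", "many_unique_dst"), "http_bot"),
    (vec("periodic_beacon", "dns_fail_burst", "unknown_autostart", "many_unique_dst"), "http_bot"),
    (vec("periodic_beacon", "dns_fail_burst", "unknown_autostart", "many_unique_dst"), "http_bot"),
    (vec("periodic_beacon", "dns_fail_burst", "many_unique_dst"), "http_bot"),
]


class NetworkLevel:
    """Collects host verdicts and shares bot fingerprints with the rest of the LAN."""

    def __init__(self, threshold=0.9):
        self.threshold = threshold
        self.verdicts = {}       # host -> (label, confidence)
        self.fingerprints = {}   # label -> set of features seen on a flagged host

    def report(self, host, feats, posterior):
        label, conf = max(posterior.items(), key=lambda kv: kv[1])
        self.verdicts[host] = (label, conf)
        if label != "benign" and conf >= self.threshold:
            self.fingerprints.setdefault(label, set()).update(f for f in FEATURES if feats[f])
        return label

    def infected_hosts(self):
        return sorted(h for h, (l, c) in self.verdicts.items()
                      if l != "benign" and c >= self.threshold)

    def matches_known(self, feats, min_overlap=0.75):
        """Let another unit check its features against shared fingerprints (Jaccard overlap)."""
        active = {f for f in FEATURES if feats[f]}
        best = None
        for label, fp in self.fingerprints.items():
            if not active or not fp:
                continue
            j = len(active & fp) / len(active | fp)
            if j >= min_overlap and (best is None or j > best[1]):
                best = (label, j)
        return best


def demo():
    """Run host classification for three constructed hosts, then a LAN-level lookup."""
    clf = BernoulliNB().fit(TRAINING)
    net = NetworkLevel()
    hosts = {
        "ws-01": vec("periodic_beacon", "outbound_irc_port", "unknown_autostart"),
        "ws-02": vec(),
        "ws-03": vec("periodic_beacon", "dns_fail_burst", "many_unique_dst"),
    }
    labels = {h: net.report(h, f, clf.posterior(f)) for h, f in hosts.items()}
    # A fourth host consults the shared fingerprints before its own classifier has run.
    newcomer = vec("periodic_beacon", "outbound_irc_port", "unknown_autostart", "dns_fail_burst")
    return labels, net.infected_hosts(), net.matches_known(newcomer)


if __name__ == "__main__":
    print(demo())
```

The host-level unit only ever publishes a label and a confidence, never raw traffic, which is what makes the exchange cheap enough to run across a whole LAN; the network level turns a confident verdict into a fingerprint that other units can match against locally. The Laplace smoothing matters in practice: a subclass that is represented by only a handful of samples would otherwise assign zero probability to any host that shows one feature the samples never did.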
License
International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.