Botnet Detection Using Recurrent Variational Autoencoder
Author: | Kesheng Wu, Jinoh Kim, Jeeyung Kim, Alex Sim |
---|---|
Language: | English |
Year of publication: | 2020 |
Subject: | FOS: Computer and information sciences; Machine Learning (cs.LG); Cryptography and Security (cs.CR); botnet detection; Recurrent Neural Network; Variational Autoencoder; Autoencoder; anomaly detection; anomaly scoring; network security; denial-of-service attack; spamming; data mining |
Source: | GLOBECOM |
Description: | Botnet detection is an active research topic, as botnets are a source of many malicious activities, including distributed denial-of-service (DDoS), click fraud, spamming, and crypto-mining attacks. However, identifying botnets is becoming more complicated due to the continuous evolution of botnet software and families that harness new types of devices and attack vectors. Recent studies employing machine learning (ML) have shown improved botnet detection performance to some extent, but they remain limited by the lack of sequential pattern analysis, which is key to detecting various classes of botnets. In this paper, we propose a novel botnet detection method, built upon a Recurrent Variational Autoencoder (RVAE), that effectively captures the sequential characteristics of botnet anomalies. We validate the feasibility of the proposed method on the CTU-13 dataset, which has been widely employed in botnet detection studies, and show that our method is at least comparable to existing techniques in terms of detection accuracy. In addition, our experimental results show that the proposed method can detect previously unseen botnets by utilizing sequential patterns of network traffic. We also show how our method can detect botnets in streaming mode, an essential requirement for real-time, online detection. |
Database: | OpenAIRE |