Funding: the Liaoning Province Applied Basic Research Program, 2023JH2/101600038.
Abstract: In the face of the increasingly severe botnet problem on the Internet, how to effectively detect botnet traffic in real time has become a critical problem. Although the existing deep Q-network (DQN) algorithm in deep reinforcement learning can solve the problem of real-time updating, its prediction results are always higher than the actual results. In botnet traffic detection, although it performs well on the training set, where the accuracy rate of predicting traffic is as high as %, its accuracy declines on the test set, and it cannot adjust its prediction strategy in time based on new data samples. On a new dataset, its accuracy declines significantly. Therefore, this paper proposes a botnet traffic detection system based on double-layer DQN (DDQN). Two Q-values are designed to adjust the model in policy and action, respectively, to achieve real-time model updates and improve the generality and robustness of the model across different datasets. Experiments show that, compared with the DQN model, the Q-value is not overestimated when using DDQN, and the detection model improves the accuracy and precision of botnet traffic detection. Moreover, when using botnet datasets other than the test set, the accuracy and precision of the DDQN model are still higher than those of DQN.
Funding: supported by the Innovative Human Resource Development for Local Intellectualization program through the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (IITP2024-00156287, 50%), and by the Institute for Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2022-0-01203, Regional Strategic Industry Convergence Security Core Talent Training Business, 50%).
Abstract: The rapid proliferation of Internet of Things (IoT) technology has facilitated automation across various sectors. Nevertheless, this advancement has also resulted in a notable surge in cyberattacks, notably botnets. As a result, research on network analysis has become vital. Machine learning-based techniques for network analysis provide a more extensive and adaptable approach than traditional rule-based methods. In this paper, we propose a framework for analyzing communications between IoT devices using supervised learning and ensemble techniques, and present experimental results that validate the efficacy of the proposed framework. The results indicate that the proposed ensemble techniques improve accuracy by up to 1.7% compared to single-algorithm approaches. These results also suggest that the proposed framework can flexibly adapt to general IoT network analysis scenarios. Unlike existing frameworks, which only exhibit high performance in specific situations, the proposed framework can serve as a fundamental approach for addressing a wide range of issues.
Abstract: The recent development of the Internet of Things (IoT) has resulted in the growth of IoT-based DDoS attacks. Botnet detection in IoT systems applies advanced cybersecurity measures to detect and reduce malicious botnets among interconnected devices. Anomaly detection models evaluate transmission patterns, network traffic, and device behaviour to detect deviations from usual activity. Machine learning (ML) techniques detect patterns signalling botnet activity, namely sudden traffic increases, unusual command and control patterns, or irregular device behaviour. In addition, intrusion detection systems (IDSs) and signature-based techniques are applied to recognize known malware signatures related to botnets. Various ML and deep learning (DL) techniques have been developed to detect botnet attacks in IoT systems. To overcome security issues in an IoT environment, this article designs a gorilla troops optimizer with DL-enabled botnet attack detection and classification (GTODL-BADC) technique. The GTODL-BADC technique follows feature selection (FS) with optimal DL-based classification to accomplish security in an IoT environment. For data preprocessing, min-max data normalization is primarily used. The GTODL-BADC technique uses the GTO algorithm to select features and elect optimal feature subsets. Moreover, the multi-head attention-based long short-term memory (MHA-LSTM) technique is applied for botnet detection. Finally, the tree seed algorithm (TSA) is used to select the optimal hyperparameters for the MHA-LSTM method. The experimental validation of the GTODL-BADC technique is carried out on a benchmark dataset. The simulation results highlight that the GTODL-BADC technique demonstrates promising performance in the botnet detection process.
Funding: This work was supported by the Ministry of Higher Education Malaysia's Fundamental Research Grant Scheme under Grant FRGS/1/2021/ICT07/USM/03/1.
Abstract: Cyber-criminals compromise end-hosts (bots) to build a network of bots (botnet). They are also looking for evolved architectures that make their techniques more resilient and stealthier, such as Peer-to-Peer (P2P) networks. P2P botnets leverage the decentralized nature of P2P networks and exploit the resilience of this architecture to make take-down procedures arduous. Some P2P botnets are stealthier still in their Command-and-Control (C2) mechanisms and elude the standard discovery mechanisms. The other side of this cyberwar, therefore, is monitoring. P2P botnet monitoring is an exacting mission because the monitor must care about many aspects simultaneously. Some aspects pertain to the existing monitoring approaches, some to the nature of P2P networks, and some to the botnets' countermeasures, i.e., their anti-monitoring mechanisms. All these challenges should be considered in P2P botnet monitoring. To begin with, this paper provides an anatomy of P2P botnets. Thereafter, it exhaustively reviews the existing monitoring approaches for P2P botnets and discusses each thoroughly to reveal its advantages and disadvantages. In addition, it groups the monitoring approaches into three categories: passive, active, and hybrid. Furthermore, it discusses the functional and non-functional requirements of advanced monitoring. In conclusion, the paper summarizes the challenges of the various aspects and gives future avenues for better monitoring of P2P botnets.
Funding: Supported by the National Natural Science Foundation of China (61202353, 61272084, 61272422), the Graduate Innovation Foundation of Jiangsu Province (CXLX13_464), and the Natural Science Foundation of Jiangsu Higher Education Institutions (12KJB520008).
Abstract: The mobile botnet, developed from traditional PC-based botnets, has become a practical underlying trend. In this paper, we design a mobile botnet that exploits a novel command and control (CC) strategy named Push-Styled CC. It utilizes the Google Cloud Messaging (GCM) service as the botnet channel. Compared with traditional botnets, Push-Styled CC avoids direct communication between botmasters and bots, which makes mobile botnets stealthier and more resilient. Since mobile device users are sensitive to battery power and traffic consumption, the Push-Styled botnet also applies an adaptive network connection strategy to reduce traffic consumption and cost. To prove the efficacy of our design, we implemented a prototype of Push-Styled CC on Android. The experimental results show that botnet traffic can be concealed in legitimate GCM traffic at low traffic cost.
Funding: The authors would like to thank the Deanship of Scientific Research at Majmaah University for supporting this work under Project No. R-2021-220.
Abstract: The evolution and expansion of IoT devices have reduced human effort, increased resource utilization, and saved time; however, IoT devices create significant challenges such as a lack of security and privacy, making them more vulnerable to IoT-based botnet attacks. There is a need to develop efficient and faster models that can work in real time with efficiency and stability. The present investigation developed two novel Deep Neural Network (DNN) models, DNNBoT1 and DNNBoT2, to detect and classify well-known IoT botnet attacks such as Mirai and BASHLITE from nine compromised industrial-grade IoT devices. PCA was used for feature extraction to improve effective and accurate botnet classification in IoT environments. The models were designed based on rigorous hyperparameter tuning with GridSearchCV. Early stopping was used to avoid the effects of overfitting and underfitting for both DNN models. The in-depth assessment and evaluation of the developed models demonstrated that they are among the best-performing models in accuracy and efficiency. The novelty of the present investigation, with the developed models, bridges the gaps by using a real dataset with high accuracy and a significantly lower false alarm rate. The results were evaluated against earlier studies and deemed efficient at detecting botnet attacks using the real dataset.