DOI: 10.1007/978-3-642-30955-7_5

HTTP botnet detection using adaptive learning rate multilayer feed-forward neural network

Published: 20 June 2012

Abstract

Botnets have become a rampant platform for malicious attacks and pose a significant threat to internet security. Recent botnets have begun using common protocols such as HTTP, which makes it even harder to distinguish their communication patterns. Most HTTP bot communications are based on TCP connections. In this work, some TCP-related features have been identified for the detection of HTTP botnets. With these features, a Multi-Layer Feed-Forward Neural Network training model using the Bold Driver Back-propagation learning algorithm is created. The algorithm has the advantage of dynamically changing the learning rate parameter during the weight update process. Using this approach, SpyEye and Zeus botnets are efficiently identified. A comparison of the actively trained neural network model with a C4.5 Decision Tree, Random Forest and Radial Basis Function indicated that the actively learned neural network model has better identification accuracy with fewer false positives.



Published In

WISTP'12: Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
June 2012
223 pages
ISBN: 9783642309540

Publisher

Springer-Verlag

Berlin, Heidelberg

Author Tags

  1. HTTP botnet
  2. bold driver back propagation algorithm
  3. multilayer feed-forward neural network

Qualifiers

  • Article

Cited By

  • (2020) Transfer Learning Approach for Botnet Detection Based on Recurrent Variational Autoencoder. Proceedings of the 3rd International Workshop on Systems and Network Telemetry and Analytics, (41-47). DOI: 10.1145/3391812.3396273. Online publication date: 23-Jun-2020
  • (2017) Detecting Web-Based Botnets Using Bot Communication Traffic Features. Security and Communication Networks, 2017. DOI: 10.1155/2017/5960307. Online publication date: 1-Jan-2017
  • (2015) ACCPndn. Journal of Network and Computer Applications, 56:C, (1-18). DOI: 10.1016/j.jnca.2015.05.017. Online publication date: 1-Oct-2015
  • (2014) On botnet behaviour analysis using GP and C4.5. Proceedings of the Companion Publication of the 2014 Annual Conference on Genetic and Evolutionary Computation, (1253-1260). DOI: 10.1145/2598394.2605435. Online publication date: 12-Jul-2014
