A Novel Ensemble Anomaly based Approach for Command and Control Channel Detection

Cited by: 3

Authors
Chen, Tao [1 ]
Zhou, Guangming [2 ]
Liu, Zhangpu [3 ,4 ]
Jing, Tao [5 ]
Affiliations
[1] Informat Ctr 2, POB 1711, Beijing, Peoples R China
[2] China Natl Salt Ind Grp Co Ltd, Beijing, Peoples R China
[3] Chinese Acad Sci, Inst Informat Engn, Beijing, Peoples R China
[4] Univ Chinese Acad Sci, Sch Cyber Secur, Beijing, Peoples R China
[5] Chinese Acad Sci, Off Gen Affairs, 52 Sanlihe Rd, Beijing, Peoples R China
Source
2020 4TH INTERNATIONAL CONFERENCE ON CRYPTOGRAPHY, SECURITY AND PRIVACY (ICCSP 2020) | 2020
Keywords
Network Security; Botnet; C&C Channel; Network Behavior;
DOI
10.1145/3377644.3377652
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812;
Abstract
The C&C channel is an indispensable characteristic of a botnet. Recognizing and blocking the C&C channel is of great importance in eliminating the threats posed by botnets. To overcome the limitations of the major behavior-based methods, we propose a new ensemble anomaly-based approach that uses only normal traffic for training. It consists of two detectors that profile and analyze behavior deviations from different aspects. It has the advantages of reducing the false alarms of traditional anomaly detectors and improving detection performance. We evaluated it on 5 different datasets and achieved good detection performance.
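The abstract gives only the outline of the approach: train on normal traffic alone, profile behavior from two different aspects, and combine the two detectors so that single-detector false alarms are suppressed. The following is an added illustration of that outline, not the paper's code or data. It profiles each (src, dst) pair on two aspects, inter-arrival regularity and payload-size regularity, learns what "normal" looks like from constructed benign flows only, and alerts only when both detectors deviate. The two features, the one-sided z-score threshold, the AND combination rule, the host addresses and every flow record are assumptions made for the example; the abstract does not specify any of them.

```python
"""Illustrative two-detector anomaly ensemble for C&C channel detection.

Added example, not the paper's code.  It follows the abstract's outline only:
train on normal traffic, profile two aspects of behaviour, alert when both
detectors deviate.  Features, threshold and AND rule are assumptions.
"""
import random
import statistics
from collections import defaultdict

# A flow record is (timestamp_s, src, dst, bytes_out).  All data below is
# constructed with a seeded generator; none of it is captured traffic.


def make_pair_flows(rng, src, dst, n, interval, size, jitter_i, jitter_s):
    """Constructed flows for one (src, dst) pair: inter-arrival times and
    sizes are drawn uniformly in [base - jitter, base + jitter]."""
    t, flows = 0.0, []
    for _ in range(n):
        t += interval + rng.uniform(-jitter_i, jitter_i)
        flows.append((t, src, dst, max(1, int(size + rng.uniform(-jitter_s, jitter_s)))))
    return flows


def group_by_pair(flows):
    """Bucket flows by (src, dst); each bucket is one behaviour to profile."""
    pairs = defaultdict(list)
    for f in flows:
        pairs[(f[1], f[2])].append(f)
    return pairs


def interval_cv(flows):
    """Coefficient of variation of inter-arrival times: near 0 for a beacon."""
    ts = sorted(f[0] for f in flows)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return statistics.stdev(gaps) / statistics.mean(gaps)


def size_cv(flows):
    """Coefficient of variation of bytes sent: near 0 for fixed-size heartbeats."""
    sizes = [f[3] for f in flows]
    return statistics.stdev(sizes) / statistics.mean(sizes)


class RegularityDetector:
    """One-class detector for a single aspect.  fit() learns mean and spread of
    the feature over normal pairs; score() is a one-sided z-score of how much
    MORE regular than normal a pair is (high CV is not suspicious here)."""

    def __init__(self, name, feature, threshold=3.0):
        self.name, self.feature, self.threshold = name, feature, threshold
        self.mean = self.std = None

    def fit(self, normal_pairs):
        vals = [self.feature(fl) for fl in normal_pairs.values()]
        self.mean = statistics.mean(vals)
        self.std = max(statistics.stdev(vals), 1e-3)  # floor avoids a degenerate profile

    def score(self, flows):
        return (self.mean - self.feature(flows)) / self.std

    def fired(self, flows):
        return self.score(flows) > self.threshold


class Ensemble:
    """Runs every detector on each pair; an alert needs all of them to fire
    (AND rule, an assumption), which suppresses single-aspect false alarms."""

    def __init__(self, detectors, min_flows=10):
        self.detectors, self.min_flows = detectors, min_flows

    def fit(self, normal_flows):
        pairs = {k: v for k, v in group_by_pair(normal_flows).items() if len(v) >= self.min_flows}
        for d in self.detectors:
            d.fit(pairs)

    def evaluate(self, flows):
        results = {}
        for pair, fl in group_by_pair(flows).items():
            if len(fl) < self.min_flows:
                continue  # too few flows to profile: unknown, not anomalous
            verdict = {d.name: d.fired(fl) for d in self.detectors}
            verdict["alert"] = all(verdict.values())
            results[pair] = verdict
        return results


# Hypothetical hosts for the test set (documentation address ranges).
BEACON = ("10.0.0.50", "203.0.113.7")            # periodic, fixed-size heartbeats
PERIODIC_ONLY = ("10.0.0.51", "198.51.100.9")     # periodic poller, variable sizes
FIXED_SIZE_ONLY = ("10.0.0.52", "198.51.100.20")  # irregular timing, fixed-size chunks


def build_datasets(seed=7):
    """Constructed normal training traffic plus a test set with fresh normal
    pairs, one true beacon and two benign look-alikes."""
    rng = random.Random(seed)
    normal, test = [], []
    for i in range(30):  # 30 normal client/server pairs, 80 flows each
        normal += make_pair_flows(rng, f"10.0.1.{i}", f"192.0.2.{i % 5}", 80,
                                  interval=150.5, size=30100, jitter_i=149.5, jitter_s=29900)
    for i in range(3):   # normal test pairs drawn like the training data
        test += make_pair_flows(rng, f"10.0.0.{10 + i}", f"192.0.2.{i}", 80,
                                interval=150.5, size=30100, jitter_i=149.5, jitter_s=29900)
    test += make_pair_flows(rng, *BEACON, 80, interval=60, size=512, jitter_i=1, jitter_s=8)
    test += make_pair_flows(rng, *PERIODIC_ONLY, 80, interval=30, size=30100, jitter_i=0.5, jitter_s=29900)
    test += make_pair_flows(rng, *FIXED_SIZE_ONLY, 80, interval=150.5, size=1400, jitter_i=149.5, jitter_s=5)
    return normal, test


def run_demo(seed=7):
    """Fit on normal traffic only, then score the test set pair by pair."""
    normal, test = build_datasets(seed)
    ens = Ensemble([RegularityDetector("timing", interval_cv),
                    RegularityDetector("size", size_cv)])
    ens.fit(normal)
    return ens.evaluate(test)


if __name__ == "__main__":
    for pair, v in run_demo().items():
        print(f"{pair[0]:>10} -> {pair[1]:<14} timing={v['timing']!s:5} size={v['size']!s:5} alert={v['alert']}")
```

Each look-alike pair trips exactly one detector (the periodic poller trips timing, the fixed-size chunk fetcher trips size), and neither produces an alert; only the pair that is regular on both aspects does. That is the false-alarm reduction the abstract attributes to combining detectors that look at different aspects, shown here with an AND rule that is the example's own assumption. A real deployment would also need per-protocol profiles and a time window, neither of which the abstract discusses.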
Pages: 74-78
Page count: 5
Related papers
50 items in total; items [21]-[30] are listed below
  • [21] AN IMPROVED ENSEMBLE APPROACH FOR DOS ATTACKS DETECTION
    Alguliyev, R. M.
    Aliguliyev, R. M.
    Imamverdiyev, Y. N.
    Sukhostat, L. V.
    RADIO ELECTRONICS COMPUTER SCIENCE CONTROL, 2018, (02) : 73 - 82
  • [22] Anomaly detection based on fuzzy rules
    Jiao, W.
    Li, Q.
    International Journal of Performability Engineering, 2018, 14 (02) : 376 - 385
  • [23] A hybrid machine learning approach to network anomaly detection
    Shon, Taeshik
    Moon, Jongsub
    INFORMATION SCIENCES, 2007, 177 (18) : 3799 - 3821
  • [24] A large deviations approach to statistical traffic anomaly detection
    Paschalidis, Ioannis Ch.
    Smaragdakis, Georgios
    PROCEEDINGS OF THE 45TH IEEE CONFERENCE ON DECISION AND CONTROL, VOLS 1-14, 2006, : 1901 - +
  • [25] DroidMalHunter: A Novel Entropy-based Anomaly Detection System to Detect Malicious Android Applications
    Ghaffari, Fariba
    Abadi, Mahdi
    2015 5TH INTERNATIONAL CONFERENCE ON COMPUTER AND KNOWLEDGE ENGINEERING (ICCKE), 2015, : 301 - 306
  • [26] BotDet: A System for Real Time Botnet Command and Control Traffic Detection
    Ghafir, Ibrahim
    Prenosil, Vaclav
    Hammoudeh, Mohammad
    Baker, Thar
    Jabbar, Sohail
    Khalid, Shehzad
    Jaf, Sardar
    IEEE ACCESS, 2018, 6 : 38947 - 38958
  • [27] Anomaly Traffic Detection Based on PCA and SFAM
    Somwang, Preecha
    Lilakiatsakun, Woraphon
    INTERNATIONAL ARAB JOURNAL OF INFORMATION TECHNOLOGY, 2015, 12 (03) : 253 - 260
  • [28] Anomaly detection based on efficient Euclidean projection
    Yang, Longqi
    Hu, Guyu
    Li, Dong
    Wang, Yibing
    Jia, Bo
    Pan, Zhisong
    SECURITY AND COMMUNICATION NETWORKS, 2015, 8 (17) : 3229 - 3237
  • [29] A HMM-BASED METHOD FOR ANOMALY DETECTION
    Wang, Fei
    Zhu, Hongliang
    Tian, Bin
    Xin, Yang
    Niu, Xinxin
    Yang, Yu
    2011 4TH IEEE INTERNATIONAL CONFERENCE ON BROADBAND NETWORK AND MULTIMEDIA TECHNOLOGY (4TH IEEE IC-BNMT2011), 2011, : 276 - 280
  • [30] Semi-Supervised Statistical Approach for Network Anomaly Detection
    Aissa, Naila Belhadj
    Guerroumia, Mohamed
    7TH INTERNATIONAL CONFERENCE ON AMBIENT SYSTEMS, NETWORKS AND TECHNOLOGIES (ANT 2016) / THE 6TH INTERNATIONAL CONFERENCE ON SUSTAINABLE ENERGY INFORMATION TECHNOLOGY (SEIT-2016) / AFFILIATED WORKSHOPS, 2016, 83 : 1090 - 1095