Journal on Communications, 2021, Vol. 42, Issue 7: 95-106. doi: 10.11959/j.issn.1000-436x.2021082
Futai ZOU, Yue TAN, Lin WANG, Yongkang JIANG
Revised: 2020-12-20
Online: 2021-07-25
Published: 2021-07-01
Futai ZOU, Yue TAN, Lin WANG, Yongkang JIANG. Botnet detection based on generative adversarial network[J]. Journal on Communications, 2021, 42(7): 95-106.
Feature name | Meaning | Type |
--- | --- | --- |
Protocol | Transport-layer protocol | Basic feature |
Duration | Flow duration | Anomalous-behavior feature |
Reconnect | Number of reconnections | Anomalous-behavior feature |
PX | Number of packets exchanged | Anomalous-behavior feature |
IOPR | Number of inbound packets / number of outbound packets | Anomalous-behavior feature |
NNP | Number of empty packets exchanged | Anomalous-behavior feature |
NSP | Number of small packets exchanged | Anomalous-behavior feature |
PSP | Percentage of small packets exchanged | Anomalous-behavior feature |
FPS | Length of the first packet | Anomalous-behavior feature |
TBT | Total bytes | Flow-similarity feature |
APL | Average packet length | Flow-similarity feature |
DPL | Number of packets of identical length / total number of packets | Flow-similarity feature |
PV | Standard deviation of packet length | Flow-similarity feature |
BS | Average bits per second | Flow-similarity feature |
PPS | Average packets per second | Flow-similarity feature |
AIT | Average packet inter-arrival time | Flow-similarity feature |
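Added example (not the authors' code) of how the per-flow features in the table above can be computed from a packet list. The `Pkt` record, the 100-byte small-packet cut-off and the reading of DPL as the share of packets at the flow's most common length are assumptions; the page does not state the authors' choices.

```python
from collections import Counter
from dataclasses import dataclass
from statistics import pstdev

SMALL_PKT_BYTES = 100  # assumed cut-off for a "small" packet; not given on the page

@dataclass
class Pkt:
    ts: float      # arrival time in seconds (assumed record layout)
    length: int    # payload bytes
    inbound: bool  # True = server -> client, False = client -> server

def flow_features(pkts, protocol="tcp", reconnects=0):
    """Per-flow features of the table; Reconnect is counted across flows by the caller."""
    if not pkts:
        raise ValueError("flow has no packets")
    pkts = sorted(pkts, key=lambda p: p.ts)
    n = len(pkts)
    lengths = [p.length for p in pkts]
    inbound = sum(1 for p in pkts if p.inbound)
    duration = pkts[-1].ts - pkts[0].ts
    total = sum(lengths)
    small = sum(1 for l in lengths if 0 < l <= SMALL_PKT_BYTES)
    # DPL read as the share of packets at the flow's most common length (assumption)
    most_common = Counter(lengths).most_common(1)[0][1]
    return {
        "Protocol": protocol,
        "Duration": duration,
        "Reconnect": reconnects,
        "PX": n,
        "IOPR": inbound / max(n - inbound, 1),  # guard one-directional flows
        "NNP": lengths.count(0),
        "NSP": small,
        "PSP": small / n,
        "FPS": lengths[0],
        "TBT": total,
        "APL": total / n,
        "DPL": most_common / n,
        "PV": pstdev(lengths),
        "BS": total * 8 / duration if duration else 0.0,
        "PPS": n / duration if duration else 0.0,
        "AIT": duration / (n - 1) if n > 1 else 0.0,
    }

# Constructed sample: a periodic, uniform-size exchange, the pattern the flow-similarity features target
SAMPLE_FLOW = [
    Pkt(0.0, 60, False), Pkt(0.5, 60, True),
    Pkt(10.0, 60, False), Pkt(10.5, 60, True),
    Pkt(20.0, 0, False), Pkt(20.5, 120, True),
]
```

Features such as PV, DPL and AIT are what separate a machine-driven periodic exchange from the irregular sizes and timings of human-driven traffic, which is why the flow-similarity group scores highest in the results table further down.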
Botnet | Type | Training set | Test set |
--- | --- | --- | --- |
Neris | IRC | √ (12%) | √ (5.67%) |
Rbot | IRC | √ (22%) | √ (0.018%) |
Menti | IRC | × | √ (0.62%) |
Sogou | HTTP | × | √ (0.019%) |
Murlo | IRC | × | √ (1.06%) |
Virut | HTTP | √ (0.94%) | √ (12.8%) |
NSIS | P2P | √ (2.48%) | √ (0.165%) |
Zenus | P2P | √ (0.01%) | √ (0.109%) |
SMTP Spam | P2P | √ (6.48%) | √ (4.72%) |
UDP Storm | P2P | × | √ (9.63%) |
Tbot | IRC | × | √ (0.283%) |
Zero Access | P2P | × | √ (0.221%) |
Weasal | P2P | × | √ (9.25%) |
Smoke Bot | P2P | × | √ (0.017%) |
Zenus control (C&C) | P2P | √ (0.01%) | √ (0.006%) |
ISCX IRC bot | P2P | × | √ (0.387%) |
Features | Accuracy | Precision | Recall | F1 score |
--- | --- | --- | --- | --- |
Basic features | 0.7473 | 0.7341 | 0.6947 | 0.7040 |
Anomalous-behavior features | 0.7439 | 0.7376 | 0.6769 | 0.6867 |
Flow-similarity features | 0.8544 | 0.8402 | 0.8583 | 0.8464 |
Basic & anomalous-behavior features | 0.7411 | 0.7265 | 0.6860 | 0.6950 |
Basic & flow-similarity features | 0.8623 | 0.8477 | 0.8575 | 0.8520 |
Anomalous-behavior & flow-similarity features | 0.8520 | 0.8370 | 0.8497 | 0.8421 |
All features | 0.8551 | 0.9155 | 0.8238 | 0.8672 |