Journal on Communications, 2018, Vol. 39, Issue 8: 18-28. doi: 10.11959/j.issn.1000-436x.2018135
Section: Artificial Intelligence and Network Security
Di WU (1,2), Binxing FANG (3,4,5), Xiang CUI (1,3), Qixu LIU (1,2)
Revised: 2018-07-10
Online: 2018-08-01
Published: 2018-09-13
Citation: Di WU, Binxing FANG, Xiang CUI, Qixu LIU. BotCatcher: botnet detection system based on deep learning [J]. Journal on Communications, 2018, 39(8): 18-28.
Research direction | Research progress | Research team | Open problems
IDS-based misuse detection | Proposes an IDS-driven, state-based detection system [ ] | Texas A&M University | Requires a signature template library; cannot detect unknown attacks; encrypted traffic is hard to recognise
| Builds separate detection models for botnets that use different protocols [ ] | Vienna University of Technology |
Clustering-based anomaly detection | Clusters traffic on two dimensions, host behaviour and communication pattern [ ] | Texas A&M University | Features must be extracted by hand; cluster correlation analysis is cumbersome
| Correlates real-time clustering results across time windows [ ] | Shahid Beheshti University |
| Mines suspicious servers by clustering on features such as client overlap [ ] | Texas A&M University |
Classification-based anomaly detection | Designs several classifiers for IRC botnets [ ] | Raytheon BBN Technologies | Features must be extracted by hand; mostly targets one specified botnet type; mostly uses simple classification algorithms
| Designs several classifiers for P2P botnets [ ] | University of Victoria |
| Builds a detection system on a random-forest model with dynamically selected features [ ] | Symantec Research Labs |
| Filters redundant and irrelevant features algorithmically and prunes to shrink the data set [ ] | Khalifa University |
| Classifies with a feed-forward neural network trained by back-propagation [ ] | PSG College of Technology |
Deep-learning-based detection | Uses an RNN to extract sequence features from network-flow states [ ] | University of Mendoza | Uses only one deep-learning algorithm; the learned features are of a single kind
| Applies CNN image-classification methods to extract network-flow features [ ] | University of Science and Technology of China |
Statistic | Conficker | Neris | Zeus
Total flows | 18 855 | 9 480 | 23 146
Total packets | 154 838 | 195 971 | 488 858
Total bytes | 9.36×10^6 | 3.48×10^7 | 3.17×10^8
Bytes per flow, maximum | 19 942 | 864 526 | 81 095
Bytes per flow, minimum | 232 | 60 | 306
Bytes per flow, mean | 496 | 3 675 | 13 678
Bytes per flow, mode | 480 | 372 | 3 496
Packets per flow, maximum | 268 | 6 662 | 92
Packets per flow, minimum | 4 | 1 | 5
Packets per flow, mean | 8 | 20 | 21
Packets per flow, mode | 8 | 6 | 10
Bytes per packet, maximum | 1 466 | 10 274 | 1 474
Bytes per packet, minimum | 54 | 60 | 54
Bytes per packet, mean | 60 | 177 | 647
Bytes per packet, mode | 62 | 60 | 54
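The statistics in the table above are produced by aggregating a packet capture into flows and then taking the maximum, minimum, mean and mode of the per-flow and per-packet sizes. The following is an added example of that aggregation step; it is not code from the BotCatcher paper. It assumes, since the page does not say, that a flow is the bidirectional 5-tuple (src, sport, dst, dport, proto) with both directions merged, that "bytes" means captured frame length including the 14-byte Ethernet header (a 54-byte frame is a bare Ethernet+IPv4+TCP header and 60 bytes is the minimum Ethernet frame, which matches the smallest packets in the table), and that the smallest value wins when several values tie for the mode. The packet list is constructed for the example, not real capture data.

```python
"""Flow-level traffic statistics of the kind tabulated above.

Added example, not code from the BotCatcher paper. Assumptions not stated on
the page: a flow is the bidirectional 5-tuple with both directions merged;
'bytes' is the captured frame length including the Ethernet header; when
several values tie for the mode, the smallest is reported.
"""
from collections import defaultdict
from statistics import mean, multimode

# Constructed sample capture (not real data): three flows, twelve packets.
SAMPLE_PACKETS = [
    # flow A: HTTP, packets in both directions
    {"src": "10.0.0.5", "sport": 49152, "dst": "203.0.113.7", "dport": 80, "proto": "tcp", "length": 74},
    {"src": "203.0.113.7", "sport": 80, "dst": "10.0.0.5", "dport": 49152, "proto": "tcp", "length": 74},
    {"src": "10.0.0.5", "sport": 49152, "dst": "203.0.113.7", "dport": 80, "proto": "tcp", "length": 66},
    {"src": "10.0.0.5", "sport": 49152, "dst": "203.0.113.7", "dport": 80, "proto": "tcp", "length": 500},
    {"src": "203.0.113.7", "sport": 80, "dst": "10.0.0.5", "dport": 49152, "proto": "tcp", "length": 1466},
    {"src": "10.0.0.5", "sport": 49152, "dst": "203.0.113.7", "dport": 80, "proto": "tcp", "length": 66},
    # flow B: TLS handshake fragments at minimum frame size
    {"src": "10.0.0.5", "sport": 49153, "dst": "203.0.113.9", "dport": 443, "proto": "tcp", "length": 60},
    {"src": "203.0.113.9", "sport": 443, "dst": "10.0.0.5", "dport": 49153, "proto": "tcp", "length": 60},
    {"src": "10.0.0.5", "sport": 49153, "dst": "203.0.113.9", "dport": 443, "proto": "tcp", "length": 54},
    {"src": "203.0.113.9", "sport": 443, "dst": "10.0.0.5", "dport": 49153, "proto": "tcp", "length": 54},
    # flow C: DNS query and response
    {"src": "10.0.0.5", "sport": 53001, "dst": "10.0.0.1", "dport": 53, "proto": "udp", "length": 75},
    {"src": "10.0.0.1", "sport": 53, "dst": "10.0.0.5", "dport": 53001, "proto": "udp", "length": 91},
]


def flow_key(src, sport, dst, dport, proto):
    """Canonical bidirectional key: order the two endpoints so that A->B and
    B->A packets land in the same flow."""
    a, b = (src, sport), (dst, dport)
    if a > b:
        a, b = b, a
    return (a, b, proto)


def aggregate_flows(packets):
    """Group packet lengths by flow, preserving first-seen order."""
    flows = defaultdict(list)
    for p in packets:
        key = flow_key(p["src"], p["sport"], p["dst"], p["dport"], p["proto"])
        flows[key].append(p["length"])
    return flows


def summarize(values):
    """The four rows the table reports per quantity: max, min, mean, mode."""
    return {
        "max": max(values),
        "min": min(values),
        "mean": round(mean(values)),
        "mode": min(multimode(values)),  # tie-break: smallest value (assumption)
    }


def flow_statistics(packets):
    """Totals plus per-flow and per-packet size distributions."""
    flows = aggregate_flows(packets)
    bytes_per_flow = [sum(lengths) for lengths in flows.values()]
    packets_per_flow = [len(lengths) for lengths in flows.values()]
    bytes_per_packet = [p["length"] for p in packets]
    return {
        "total_flows": len(flows),
        "total_packets": len(packets),
        "total_bytes": sum(bytes_per_packet),
        "bytes_per_flow": summarize(bytes_per_flow),
        "packets_per_flow": summarize(packets_per_flow),
        "bytes_per_packet": summarize(bytes_per_packet),
    }


def as_rows(stats):
    """Render the statistics in the same row order as the table above."""
    rows = [("Total flows", stats["total_flows"]),
            ("Total packets", stats["total_packets"]),
            ("Total bytes", stats["total_bytes"])]
    for label, key in (("Bytes per flow", "bytes_per_flow"),
                       ("Packets per flow", "packets_per_flow"),
                       ("Bytes per packet", "bytes_per_packet")):
        for stat in ("max", "min", "mean", "mode"):
            rows.append((f"{label}, {stat}", stats[key][stat]))
    return rows


if __name__ == "__main__":
    for label, value in as_rows(flow_statistics(SAMPLE_PACKETS)):
        print(f"{label:<28} {value}")
```

Merging directions is the choice that matters most here: if request and reply were counted as separate unidirectional flows, the total-flow count would roughly double and the per-flow byte and packet distributions would shift toward small values, so two papers using different flow definitions cannot have their tables compared directly.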
[1] CUI X, FANG B, SHI J, et al. Botnet triple-channel model: towards resilient and efficient bidirectional communication botnets [C]// International Conference on Security and Privacy in Communication Systems. 2013: 53-68.
[2] KOLIAS C, KAMBOURAKIS G, STAVROU A, et al. DDoS in the IoT: Mirai and other botnets [J]. Computer, 2017, 50(7): 80-84.
[3] EHRENFELD J M. WannaCry, cybersecurity and health information technology: a time to act [J]. Journal of Medical Systems, 2017, 41(7): 104.
[4] LIVADAS C, WALSH R, LAPSLEY D, et al. Using machine learning techniques to identify botnet traffic [C]// 31st IEEE Conference on Local Computer Networks. 2006: 967-974.
[5] KONDO S, SATO N. Botnet traffic detection techniques by C&C session classification using SVM [C]// International Workshop on Security. 2007: 91-104.
[6] BILGE L, BALZAROTTI D, ROBERTSON W, et al. Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis [C]// The 28th Annual Computer Security Applications Conference. 2012: 129-138.
[7] FRANÇOIS J, WANG S, ENGEL T. BotTrack: tracking botnets using NetFlow and PageRank [C]// International Conference on Research in Networking. 2011: 1-14.
[8] GU G, PERDISCI R, ZHANG J, et al. BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection [C]// USENIX Security Symposium. 2008: 139-154.
[9] CUI X, FANG B X, YIN L H, et al. Andbot: towards advanced mobile botnets [C]// The 4th USENIX Workshop on Large-scale Exploits and Emergent Threats. 2011: 11.
[10] ZHANG J, SAHA S, GU G, et al. Systematic mining of associated server herds for malware campaign discovery [C]// 2015 IEEE 35th International Conference on Distributed Computing Systems (ICDCS). 2015: 630-641.
[11] CUI P F, QIU Y, SUN R. Research on image recognition technology for the network content security [J]. Netinfo Security, 2015(9): 154-157. (in Chinese)
[12] GUL K S Q, YIN J Z, PAN L M, et al. Research on the algorithm of named entity recognition based on deep neural network [J]. Netinfo Security, 2017(10): 29-35. (in Chinese)
[13] ILGUN K. USTAT: a real-time intrusion detection system for UNIX [C]// 1993 IEEE Computer Society Symposium on Research in Security and Privacy. 1993: 16-28.
[14] VIGNA G, KEMMERER R A. NetSTAT: a network-based intrusion detection approach [C]// 14th Annual Computer Security Applications Conference. 1998: 25-34.
[15] GU G, PORRAS P A, YEGNESWARAN V, et al. BotHunter: detecting malware infection through IDS-driven dialog correlation [C]// USENIX Security Symposium. 2007: 1-16.
[16] WURZINGER P, BILGE L, HOLZ T, et al. Automatically generating models for botnet detection [C]// European Symposium on Research in Computer Security. 2009: 232-249.
[17] ARSHAD S, ABBASPOUR M, KHARRAZI M, et al. An anomaly-based botnet detection approach for identifying stealthy botnets [C]// 2011 IEEE International Conference on Computer Applications and Industrial Electronics (ICCAIE). 2011: 564-569.
[18] SAAD S, TRAORE I, GHORBANI A, et al. Detecting P2P botnets through network behavior analysis and machine learning [C]// 2011 Ninth Annual International Conference on Privacy, Security and Trust (PST). 2011: 174-180.
[19] AL-JARRAH O Y, ALHUSSEIN O, YOO P D, et al. Data randomization and cluster-based partitioning for botnet intrusion detection [J]. IEEE Transactions on Cybernetics, 2016, 46(8): 1796-1806.
[20] VENKATESH G K, NADARAJAN R A. HTTP botnet detection using adaptive learning rate multilayer feed-forward neural network [C]// WISTP. 2012: 38-48.
[21] TORRES P, CATANIA C, GARCIA S, et al. An analysis of recurrent neural networks for botnet detection behavior [C]// 2016 IEEE Biennial Congress of Argentina (ARGENCON). 2016: 1-6.
[22] WANG W, ZHU M, ZENG X, et al. Malware traffic classification using convolutional neural network for representation learning [C]// 2017 International Conference on Information Networking (ICOIN). 2017: 712-717.
[23] WANG Y, ZHOU H Y, FENG H, et al. Network traffic classification method basing on CNN [J]. Journal on Communications, 2018, 39(1): 14-23. (in Chinese)
[24] HADDADI F, PHAN D T, ZINCIR-HEYWOOD A N. How to choose from different botnet detection systems? [C]// Network Operations and Management Symposium (NOMS). 2016: 1079-1084.
[25] ZHAO D, TRAORE I, SAYED B, et al. Botnet detection based on traffic behavior analysis and flow intervals [J]. Computers & Security, 2013, 39: 2-16.
[26] WATSON D, RIDEN J. The Honeynet Project: data collection tools, infrastructure, archives and analysis [C]// WOMBAT Workshop on Information Security Threats Data Collection and Sharing. 2008: 24-30.
[27] SZABÓ G, ORINCSAY D, MALOMSOKY S, et al. On the validation of traffic classification algorithms [C]// International Conference on Passive and Active Network Measurement. 2008: 72-81.