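1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093
2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049
3. Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, Guangdong 510006
4. Institute of Electronic and Information Engineering of UESTC in Guangdong, Dongguan, Guangdong 523808
5. School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876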
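Di WU (1991-), male, born in Fushun, Liaoning, is a Ph.D. candidate at the University of Chinese Academy of Sciences. His main research interest is network attack and defense techniques.
Binxing FANG (1960-), male, born in Wannian, Jiangxi, is an academician of the Chinese Academy of Engineering and a professor and doctoral supervisor at Beijing University of Posts and Telecommunications. His main research interests are computer architecture, computer networks and information security.
Xiang CUI (1978-), male, born in Nehe, Heilongjiang, Ph.D., is a research fellow at Guangzhou University. His main research interest is network attack and defense techniques.
Qixu LIU (1984-), male, born in Xuzhou, Jiangsu, Ph.D., is an associate research fellow at the Chinese Academy of Sciences and an associate professor at the University of Chinese Academy of Sciences. His main research interests are network attack and defense techniques and network security evaluation.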
Online publication date: 2018-08
Print publication date: 2018-08-25
Di WU, Binxing FANG, Xiang CUI, et al. BotCatcher: botnet detection system based on deep learning[J]. Journal on Communications, 2018, 39(8): 18-28. DOI: 10.11959/j.issn.1000-436x.2018135.
Machine learning is widely applied in botnet detection. However, as botnet forms and command and control mechanisms evolve, manual feature selection becomes increasingly difficult. To address this, BotCatcher, a botnet detection system based on deep learning, is proposed. It automatically extracts network traffic features from two dimensions, time and space, and builds a classifier by combining multiple deep neural network architectures. BotCatcher does not depend on any prior knowledge of protocols or topology and requires no manual feature selection. Experimental results show that the model performs well and can accurately identify botnet traffic.