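School of Cyberspace Security, Shanghai Jiao Tong University, Shanghai 200240
Futai ZOU (1973− ), male, born in Anfu, Jiangxi, Ph.D., senior engineer at Shanghai Jiao Tong University. His main research interests are network threat awareness and network attack and defense technology.
Yue TAN (1995− ), male, born in Xi'an, Shaanxi, master's student at Shanghai Jiao Tong University. His main research interest is network attack and defense technology.
Lin WANG (1996− ), male, born in Jinan, Shandong, master's student at Shanghai Jiao Tong University. His main research interests are machine learning and threat intelligence mining.
Yongkang JIANG (1996− ), male, born in Zunyi, Guizhou, Ph.D. student at Shanghai Jiao Tong University. His main research interests are machine learning and malware analysis.
Online publication date: 2021-07
Print publication date: 2021-07-25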
Futai ZOU, Yue TAN, Lin WANG, et al. Botnet detection based on generative adversarial network[J]. Journal on Communications, 2021, 42(7): 95-106. DOI: 10.11959/j.issn.1000-436x.2021082.
To address the strong concealment of botnets and the difficulty of identifying them, and to improve botnet detection accuracy, a botnet detection method based on generative adversarial networks was proposed. First, the data packets in botnet traffic were reassembled into flows, and traffic statistical features in the time dimension and traffic image features in the space dimension were extracted separately. Then, a botnet traffic feature generation algorithm based on generative adversarial networks was used to produce botnet feature samples in both dimensions. Finally, building on the application of deep learning to botnet detection scenarios, a botnet detection model based on DCGAN and a botnet detection model based on BiLSTM-GAN were proposed. Experiments show that the proposed models improve botnet detection ability and generalization ability.