Visible to the public Biblio

Filters: Keyword is Botnet  [Clear All Filters]
2022-07-12
Hu, Xiaoyan, Shu, Zhuozhuo, Song, Xiaoyi, Cheng, Guang, Gong, Jian.  2021.  Detecting Cryptojacking Traffic Based on Network Behavior Features. 2021 IEEE Global Communications Conference (GLOBECOM). :01—06.
Bitcoin and other digital cryptocurrencies have de-veloped rapidly in recent years. To reduce hardware and power costs, many criminals use the botnet to infect other hosts to mine cryptocurrency for themselves, which has led to the proliferation of mining botnets and is referred to as cryptojacking. At present, the mechanisms specific to cryptojacking detection include host-based, Deep Packet Inspection (DPI) based, and dynamic network characteristics based. Host-based detection requires detection installation and running at each host, and the other two are heavyweight. Besides, DPI-based detection is a breach of privacy and loses efficacy if encountering encrypted traffic. This paper de-signs a lightweight cryptojacking traffic detection method based on network behavior features for an ISP, without referring to the payload of network traffic. We set up an environment to collect cryptojacking traffic and conduct a cryptojacking traffic study to obtain its discriminative network traffic features extracted from only the first four packets in a flow. Our experimental study suggests that the machine learning classifier, random forest, based on the extracted discriminative network traffic features can accurately and efficiently detect cryptojacking traffic.
2022-06-15
Pan, Pengyu, Ma, Xiaobo, Bian, Huafeng.  2021.  Exploiting Bitcoin Mining Pool for Stealthy and Flexible Botnet Channels. 2021 8th International Conference on Dependable Systems and Their Applications (DSA). :741–742.
Botnets are used by hackers to conduct cyber attacks and pose a huge threat to Internet users. The key of botnets is the command and control (C&C) channels. Security researchers can keep track of a botnet by capturing and analyzing the communication traffic between C&C servers and bots. Hence, the botmaster is constantly seeking more covert C&C channels to stealthily control the botnet. This paper designs a new botnet dubbed mp-botnet wherein bots communicate with each other based on the Stratum mining pool protocol. The mp-botnet botnet completes information transmission according to the communication method of the Stratum protocol. The communication traffic in the botnet is disguised as the traffic between the mining pool and the miners in a Bitcoin network, thereby achieving better stealthiness and flexibility.
2022-06-09
Thom, Jay, Shah, Yash, Sengupta, Shamik.  2021.  Correlation of Cyber Threat Intelligence Data Across Global Honeypots. 2021 IEEE 11th Annual Computing and Communication Workshop and Conference (CCWC). :0766–0772.
Today's global network is filled with attackers both live and automated seeking to identify and compromise vulnerable devices, with initial scanning and attack activity occurring within minutes or even seconds of being connected to the Internet. To better understand these events, honeypots can be deployed to monitor and log activity by simulating actual Internet facing services such as SSH, Telnet, HTTP, or FTP, and malicious activity can be logged as attempts are made to compromise them. In this study six multi-service honeypots are deployed in locations around the globe to collect and catalog traffic over a period of several months between March and December, 2020. Analysis is performed on various characteristics including source and destination IP addresses and port numbers, usernames and passwords utilized, commands executed, and types of files downloaded. In addition, Cowrie log data is restructured to observe individual attacker sessions, study command sequences, and monitor tunneling activity. This data is then correlated across honeypots to compare attack and traffic patterns with the goal of learning more about the tactics being employed. By gathering data gathered from geographically separate zones over a long period of time a greater understanding can be developed regarding attacker intent and methodology, can aid in the development of effective approaches to identifying malicious behavior and attack sources, and can serve as a cyber-threat intelligence feed.
2022-04-13
Whittle, Cameron S., Liu, Hong.  2021.  Effectiveness of Entropy-Based DDoS Prevention for Software Defined Networks. 2021 IEEE International Symposium on Technologies for Homeland Security (HST). :1—7.
This work investigates entropy-based prevention of Distributed Denial-of-Service (DDoS) attacks for Software Defined Networks (SDN). The experiments are conducted on a virtual SDN testbed setup within Mininet, a Linux-based network emulator. An arms race iterates on the SDN testbed between offense, launching botnet-based DDoS attacks with progressive sophistications, and defense who is deploying SDN controls with emerging technologies from other faucets of cyber engineering. The investigation focuses on the transmission control protocol’s synchronize flood attack that exploits vulnerabilities in the three-way TCP handshake protocol, to lock up a host from serving new users.The defensive strategy starts with a common packet filtering-based design from the literature to mitigate attacks. Utilizing machine learning algorithms, SDNs actively monitor all possible traffic as a collective dataset to detect DDoS attacks in real time. A constant upgrade to a stronger defense is necessary, as cyber/network security is an ongoing front where attackers always have the element of surprise. The defense further invests on entropy methods to improve early detection of DDoS attacks within the testbed environment. Entropy allows SDNs to learn the expected normal traffic patterns for a network as a whole using real time mathematical calculations, so that the SDN controllers can sense the distributed attack vectors building up before they overwhelm the network.This work reveals the vulnerabilities of SDNs to stealthy DDoS attacks and demonstrates the effectiveness of deploying entropy in SDN controllers for detection and mitigation purposes. Future work includes provisions to use these entropy detection methods, as part of a larger system, to redirect traffic and protect networks dynamically in real time. Other types of DoS, such as ransomware, will also be considered.
2022-04-12
Furumoto, Keisuke, Umizaki, Mitsuhiro, Fujita, Akira, Nagata, Takahiko, Takahashi, Takeshi, Inoue, Daisuke.  2021.  Extracting Threat Intelligence Related IoT Botnet From Latest Dark Web Data Collection. 2021 IEEE International Conferences on Internet of Things (iThings) and IEEE Green Computing Communications (GreenCom) and IEEE Cyber, Physical Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics (Cybermatics). :138—145.
As it is easy to ensure the confidentiality of users on the Dark Web, malware and exploit kits are sold on the market, and attack methods are discussed in forums. Some services provide IoT Botnet to perform distributed denial-of-service (DDoS as a Service: DaaS), and it is speculated that the purchase of these services is made on the Dark Web. By crawling such information and storing it in a database, threat intelligence can be obtained that cannot otherwise be obtained from information on the Surface Web. However, crawling sites on the Dark Web present technical challenges. For this paper, we implemented a crawler that can solve these challenges. We also collected information on markets and forums on the Dark Web by operating the implemented crawler. Results confirmed that the dataset collected by crawling contains threat intelligence that is useful for analyzing cyber attacks, particularly those related to IoT Botnet and DaaS. Moreover, by uncovering the relationship with security reports, we demonstrated that the use of data collected from the Dark Web can provide more extensive threat intelligence than using information collected only on the Surface Web.
2022-03-14
Mehra, Misha, Paranjape, Jay N., Ribeiro, Vinay J..  2021.  Improving ML Detection of IoT Botnets using Comprehensive Data and Feature Sets. 2021 International Conference on COMmunication Systems NETworkS (COMSNETS). :438—446.
In recent times, the world has seen a tremendous increase in the number of attacks on IoT devices. A majority of these attacks have been botnet attacks, where an army of compromised IoT devices is used to launch DDoS attacks on targeted systems. In this paper, we study how the choice of a dataset and the extracted features determine the performance of a Machine Learning model, given the task of classifying Linux Binaries (ELFs) as being benign or malicious. Our work focuses on Linux systems since embedded Linux is the more popular choice for building today’s IoT devices and systems. We propose using 4 different types of files as the dataset for any ML model. These include system files, IoT application files, IoT botnet files and general malware files. Further, we propose using static, dynamic as well as network features to do the classification task. We show that existing methods leave out one or the other features, or file types and hence, our model outperforms them in terms of accuracy in detecting these files. While enhancing the dataset adds to the robustness of a model, utilizing all 3 types of features decreases the false positive and false negative rates non-trivially. We employ an exhaustive scenario based method for evaluating a ML model and show the importance of including each of the proposed files in a dataset. We also analyze the features and try to explain their importance for a model, using observed trends in different benign and malicious files. We perform feature extraction using the open source Limon sandbox, which prior to this work has been tested only on Ubuntu 14. We installed and configured it for Ubuntu 18, the documentation of which has been shared on Github.
2022-01-31
Baumann, Lukas, Heftrig, Elias, Shulman, Haya, Waidner, Michael.  2021.  The Master and Parasite Attack. 2021 51st Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :141—148.
We explore a new type of malicious script attacks: the persistent parasite attack. Persistent parasites are stealthy scripts, which persist for a long time in the browser's cache. We show to infect the caches of victims with parasite scripts via TCP injection. Once the cache is infected, we implement methodologies for propagation of the parasites to other popular domains on the victim client as well as to other caches on the network. We show how to design the parasites so that they stay long time in the victim's cache not restricted to the duration of the user's visit to the web site. We develop covert channels for communication between the attacker and the parasites, which allows the attacker to control which scripts are executed and when, and to exfiltrate private information to the attacker, such as cookies and passwords. We then demonstrate how to leverage the parasites to perform sophisticated attacks, and evaluate the attacks against a range of applications and security mechanisms on popular browsers. Finally we provide recommendations for countermeasures.
2022-01-10
Ngo, Quoc-Dung, Nguyen, Huy-Trung, Nguyen, Viet-Dung, Dinh, Cong-Minh, Phung, Anh-Tu, Bui, Quy-Tung.  2021.  Adversarial Attack and Defense on Graph-based IoT Botnet Detection Approach. 2021 International Conference on Electrical, Communication, and Computer Engineering (ICECCE). :1–6.
To reduce the risk of botnet malware, methods of detecting botnet malware using machine learning have received enormous attention in recent years. Most of the traditional methods are based on supervised learning that relies on static features with defined labels. However, recent studies show that supervised machine learning-based IoT malware botnet models are more vulnerable to intentional attacks, known as an adversarial attack. In this paper, we study the adversarial attack on PSI-graph based researches. To perform the efficient attack, we proposed a reinforcement learning based method with a trained target classifier to modify the structures of PSI-graphs. We show that PSI-graphs are vulnerable to such attack. We also discuss about defense method which uses adversarial training to train a defensive model. Experiment result achieves 94.1% accuracy on the adversarial dataset; thus, shows that our defensive model is much more robust than the previous target classifier.
2021-11-29
Li, Jingyi, Yi, Xiaoyin, Wei, Shi.  2020.  A Study of Network Security Situational Awareness in Internet of Things. 2020 International Wireless Communications and Mobile Computing (IWCMC). :1624–1629.
As the application of Internet of Things technology becomes more common, the security problems derived from it became more and more serious. Different from the traditional Internet, the security of the Internet of Things presented new features. This paper introduced the current situation of Internet of Things security, generalized the definitions of situation awareness and network security situation awareness, and finally discussed the methods of establishing security situational awareness of Internet of Things which provided some tentative solutions to the new DDoS attack caused by Internet of Things terminals.
2021-11-08
Abbas, Syed Ghazanfar, Zahid, Shahzaib, Hussain, Faisal, Shah, Ghalib A., Husnain, Muhammad.  2020.  A Threat Modelling Approach to Analyze and Mitigate Botnet Attacks in Smart Home Use Case. 2020 IEEE 14th International Conference on Big Data Science and Engineering (BigDataSE). :122–129.
Despite the surging development and utilization of IoT devices, the security of IoT devices is still in infancy. The security pitfalls of IoT devices have made it easy for hackers to take over IoT devices and use them for malicious activities like botnet attacks. With the rampant emergence of IoT devices, botnet attacks are surging. The botnet attacks are not only catastrophic for IoT device users but also for the rest of the world. Therefore, there is a crucial need to identify and mitigate the possible threats in IoT devices during the design phase. Threat modelling is a technique that is used to identify the threats in the earlier stages of the system design activity. In this paper, we propose a threat modelling approach to analyze and mitigate the botnet attacks in an IoT smart home use case. The proposed methodology identifies the development-level and application-level threats in smart home use case using STRIDE and VAST threat modelling methods. Moreover, we reticulate the identified threats with botnet attacks. Finally, we propose the mitigation techniques for all identified threats including the botnet threats.
2021-09-21
Yan, Fan, Liu, Jia, Gu, Liang, Chen, Zelong.  2020.  A Semi-Supervised Learning Scheme to Detect Unknown DGA Domain Names Based on Graph Analysis. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1578–1583.
A large amount of malware families use the domain generation algorithms (DGA) to randomly generate a large amount of domain names. It is a good way to bypass conventional blacklists of domain names, because we cannot predict which of the randomly generated domain names are selected for command and control (C&C) communications. An effective approach for detecting known DGA families is to investigate the malware with reverse engineering to find the adopted generation algorithms. As reverse engineering cannot handle the variants of DGA families, some researches leverage supervised learning to find new variants. However, the explainability of supervised learning is low and cannot find previously unseen DGA families. In this paper, we propose a graph-based semi-supervised learning scheme to track the evolution of known DGA families and find previously unseen DGA families. With a domain relation graph, we can clearly figure out how new variants relate to known DGA domain names, which induces better explainability. We deployed the proposed scheme on real network scenarios and show that the proposed scheme can not only comprehensively and precisely find known DGA families, but also can find new DGA families which have not seen before.
2021-09-08
Yamanoue, Takashi, Murakami, Junya.  2020.  Development of an Intrusion Detection System Using a Botnet with the R Statistical Computing System. 2020 9th International Congress on Advanced Applied Informatics (IIAI-AAI). :59–62.
Development of an intrusion detection system, which tries to detect signs of technology of malware, is discussed. The system can detect signs of technology of malware such as peer to peer (P2P) communication, DDoS attack, Domain Generation Algorithm (DGA), and network scanning. The system consists of beneficial botnet and the R statistical computing system. The beneficial botnet is a group of Wiki servers, agent bots and analyzing bots. The script in a Wiki page of the Wiki server controls an agent bot or an analyzing bot. An agent bot is placed between a LAN and its gateway. It can capture every packet between hosts in the LAN and hosts behind the gateway from the LAN. An analyzing bot can be placed anywhere in the LAN or WAN if it can communicate with the Wiki server for controlling the analyzing bot. The analyzing bot has R statistical computing system and it can analyze data which is collected by agent bots.
Bhati, Akhilesh, Bouras, Abdelaziz, Ahmed Qidwai, Uvais, Belhi, Abdelhak.  2020.  Deep Learning Based Identification of DDoS Attacks in Industrial Application. 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4). :190–196.
Denial of Service (DoS) attacks are very common type of computer attack in the world of internet today. Automatically detecting such type of DDoS attack packets & dropping them before passing through is the best prevention method. Conventional solution only monitors and provide the feedforward solution instead of the feedback machine-based learning. A Design of Deep neural network has been suggested in this paper. In this approach, high level features are extracted for representation and inference of the dataset. Experiment has been conducted based on the ISCX dataset for year 2017, 2018 and CICDDoS2019 and program has been developed in Matlab R17b using Wireshark.
2021-05-05
Hasan, Tooba, Adnan, Akhunzada, Giannetsos, Thanassis, Malik, Jahanzaib.  2020.  Orchestrating SDN Control Plane towards Enhanced IoT Security. 2020 6th IEEE Conference on Network Softwarization (NetSoft). :457—464.

The Internet of Things (IoT) is rapidly evolving, while introducing several new challenges regarding security, resilience and operational assurance. In the face of an increasing attack landscape, it is necessary to cater for the provision of efficient mechanisms to collectively detect sophisticated malware resulting in undesirable (run-time) device and network modifications. This is not an easy task considering the dynamic and heterogeneous nature of IoT environments; i.e., different operating systems, varied connected networks and a wide gamut of underlying protocols and devices. Malicious IoT nodes or gateways can potentially lead to the compromise of the whole IoT network infrastructure. On the other hand, the SDN control plane has the capability to be orchestrated towards providing enhanced security services to all layers of the IoT networking stack. In this paper, we propose an SDN-enabled control plane based orchestration that leverages emerging Long Short-Term Memory (LSTM) classification models; a Deep Learning (DL) based architecture to combat malicious IoT nodes. It is a first step towards a new line of security mechanisms that enables the provision of scalable AI-based intrusion detection focusing on the operational assurance of only those specific, critical infrastructure components,thus, allowing for a much more efficient security solution. The proposed mechanism has been evaluated with current state of the art datasets (i.e., N\_BaIoT 2018) using standard performance evaluation metrics. Our preliminary results show an outstanding detection accuracy (i.e., 99.9%) which significantly outperforms state-of-the-art approaches. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that security does not hinder the deployment of intelligent IoT-based computing systems.

2021-03-17
Haseeb, J., Mansoori, M., Welch, I..  2020.  A Measurement Study of IoT-Based Attacks Using IoT Kill Chain. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :557—567.

Manufacturing limitations, configuration and maintenance flaws associated with the Internet of Things (IoT) devices have resulted in an ever-expanding attack surface. Attackers exploit IoT devices to steal private information, take part in botnets, perform Denial of Service (DoS) attacks and use their resources for the mining of cryptocurrency. In this paper, we experimentally evaluate a hypothesis that attacks on IoT devices follow the generalised Cyber Kill Chain (CKC) model. We used a medium-interaction honeypot to capture and analyse more than 30,000 attacks targeting IoT devices. We classified the steps taken by the attackers using the CKC model and extended CKC to an IoT Kill Chain (IoTKC) model. The IoTKC provides details about IoT-specific attack characteristics and attackers' activities in the exploitation of IoT devices.

2021-03-09
Zhou, B., He, J., Tan, M..  2020.  A Two-stage P2P Botnet Detection Method Based on Statistical Features. 2020 IEEE 11th International Conference on Software Engineering and Service Science (ICSESS). :497—502.

P2P botnet has become one of the most serious threats to today's network security. It can be used to launch kinds of malicious activities, ranging from spamming to distributed denial of service attack. However, the detection of P2P botnet is always challenging because of its decentralized architecture. In this paper, we propose a two-stage P2P botnet detection method which only relies on several traffic statistical features. This method first detects P2P hosts based on three statistical features, and then distinguishes P2P bots from benign P2P hosts by means of another two statistical features. Experimental evaluations on real-world traffic datasets shows that our method is able to detect hidden P2P bots with a detection accuracy of 99.7% and a false positive rate of only 0.3% within 5 minutes.

Susanto, Stiawan, D., Arifin, M. A. S., Idris, M. Y., Budiarto, R..  2020.  IoT Botnet Malware Classification Using Weka Tool and Scikit-learn Machine Learning. 2020 7th International Conference on Electrical Engineering, Computer Sciences and Informatics (EECSI). :15—20.

Botnet is one of the threats to internet network security-Botmaster in carrying out attacks on the network by relying on communication on network traffic. Internet of Things (IoT) network infrastructure consists of devices that are inexpensive, low-power, always-on, always connected to the network, and are inconspicuous and have ubiquity and inconspicuousness characteristics so that these characteristics make IoT devices an attractive target for botnet malware attacks. In identifying whether packet traffic is a malware attack or not, one can use machine learning classification methods. By using Weka and Scikit-learn analysis tools machine learning, this paper implements four machine learning algorithms, i.e.: AdaBoost, Decision Tree, Random Forest, and Naïve Bayes. Then experiments are conducted to measure the performance of the four algorithms in terms of accuracy, execution time, and false positive rate (FPR). Experiment results show that the Weka tool provides more accurate and efficient classification methods. However, in false positive rate, the use of Scikit-learn provides better results.

Injadat, M., Moubayed, A., Shami, A..  2020.  Detecting Botnet Attacks in IoT Environments: An Optimized Machine Learning Approach. 2020 32nd International Conference on Microelectronics (ICM). :1—4.

The increased reliance on the Internet and the corresponding surge in connectivity demand has led to a significant growth in Internet-of-Things (IoT) devices. The continued deployment of IoT devices has in turn led to an increase in network attacks due to the larger number of potential attack surfaces as illustrated by the recent reports that IoT malware attacks increased by 215.7% from 10.3 million in 2017 to 32.7 million in 2018. This illustrates the increased vulnerability and susceptibility of IoT devices and networks. Therefore, there is a need for proper effective and efficient attack detection and mitigation techniques in such environments. Machine learning (ML) has emerged as one potential solution due to the abundance of data generated and available for IoT devices and networks. Hence, they have significant potential to be adopted for intrusion detection for IoT environments. To that end, this paper proposes an optimized ML-based framework consisting of a combination of Bayesian optimization Gaussian Process (BO-GP) algorithm and decision tree (DT) classification model to detect attacks on IoT devices in an effective and efficient manner. The performance of the proposed framework is evaluated using the Bot-IoT-2018 dataset. Experimental results show that the proposed optimized framework has a high detection accuracy, precision, recall, and F-score, highlighting its effectiveness and robustness for the detection of botnet attacks in IoT environments.

Memos, V. A., Psannis, K. E..  2020.  AI-Powered Honeypots for Enhanced IoT Botnet Detection. 2020 3rd World Symposium on Communication Engineering (WSCE). :64—68.

Internet of Things (IoT) is a revolutionary expandable network which has brought many advantages, improving the Quality of Life (QoL) of individuals. However, IoT carries dangers, due to the fact that hackers have the ability to find security gaps in users' IoT devices, which are not still secure enough and hence, intrude into them for malicious activities. As a result, they can control many connected devices in an IoT network, turning IoT into Botnet of Things (BoT). In a botnet, hackers can launch several types of attacks, such as the well known attacks of Distributed Denial of Service (DDoS) and Man in the Middle (MitM), and/or spread various types of malicious software (malware) to the compromised devices of the IoT network. In this paper, we propose a novel hybrid Artificial Intelligence (AI)-powered honeynet for enhanced IoT botnet detection rate with the use of Cloud Computing (CC). This upcoming security mechanism makes use of Machine Learning (ML) techniques like the Logistic Regression (LR) in order to predict potential botnet existence. It can also be adopted by other conventional security architectures in order to intercept hackers the creation of large botnets for malicious actions.

Hegde, M., Kepnang, G., Mazroei, M. Al, Chavis, J. S., Watkins, L..  2020.  Identification of Botnet Activity in IoT Network Traffic Using Machine Learning. 2020 International Conference on Intelligent Data Science Technologies and Applications (IDSTA). :21—27.

Today our world benefits from Internet of Things (IoT) technology; however, new security problems arise when these IoT devices are introduced into our homes. Because many of these IoT devices have access to the Internet and they have little to no security, they make our smart homes highly vulnerable to compromise. Some of the threats include IoT botnets and generic confidentiality, integrity, and availability (CIA) attacks. Our research explores botnet detection by experimenting with supervised machine learning and deep-learning classifiers. Further, our approach assesses classifier performance on unbalanced datasets that contain benign data, mixed in with small amounts of malicious data. We demonstrate that the classifiers can separate malicious activity from benign activity within a small IoT network dataset. The classifiers can also separate malicious activity from benign activity in increasingly larger datasets. Our experiments have demonstrated incremental improvement in results for (1) accuracy, (2) probability of detection, and (3) probability of false alarm. The best performance results include 99.9% accuracy, 99.8% probability of detection, and 0% probability of false alarm. This paper also demonstrates how the performance of these classifiers increases, as IoT training datasets become larger and larger.

Lingenfelter, B., Vakilinia, I., Sengupta, S..  2020.  Analyzing Variation Among IoT Botnets Using Medium Interaction Honeypots. 2020 10th Annual Computing and Communication Workshop and Conference (CCWC). :0761—0767.

Through analysis of sessions in which files were created and downloaded on three Cowrie SSH/Telnet honeypots, we find that IoT botnets are by far the most common source of malware on connected systems with weak credentials. We detail our honeypot configuration and describe a simple method for listing near-identical malicious login sessions using edit distance. A large number of IoT botnets attack our honeypots, but the malicious sessions which download botnet software to the honeypot are almost all nearly identical to one of two common attack patterns. It is apparent that the Mirai worm is still the dominant botnet software, but has been expanded and modified by other hackers. We also find that the same loader devices deploy several different botnet malware strains to the honeypot over the course of a 40 day period, suggesting multiple botnet deployments from the same source. We conclude that Mirai continues to be adapted but can be effectively tracked using medium interaction honeypots such as Cowrie.

Muhammad, A., Asad, M., Javed, A. R..  2020.  Robust Early Stage Botnet Detection using Machine Learning. 2020 International Conference on Cyber Warfare and Security (ICCWS). :1—6.

Among the different types of malware, botnets are rising as the most genuine risk against cybersecurity as they give a stage to criminal operations (e.g., Distributed Denial of Service (DDOS) attacks, malware dispersal, phishing, and click fraud and identity theft). Existing botnet detection techniques work only on specific botnet Command and Control (C&C) protocols and lack in providing early-stage botnet detection. In this paper, we propose an approach for early-stage botnet detection. The proposed approach first selects the optimal features using feature selection techniques. Next, it feeds these features to machine learning classifiers to evaluate the performance of the botnet detection. Experiments reveals that the proposed approach efficiently classifies normal and malicious traffic at an early stage. The proposed approach achieves the accuracy of 99%, True Positive Rate (TPR) of 0.99 %, and False Positive Rate (FPR) of 0.007 % and provide an efficient detection rate in comparison with the existing approach.

Yerima, S. Y., Alzaylaee, M. K..  2020.  Mobile Botnet Detection: A Deep Learning Approach Using Convolutional Neural Networks. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1—8.

Android, being the most widespread mobile operating systems is increasingly becoming a target for malware. Malicious apps designed to turn mobile devices into bots that may form part of a larger botnet have become quite common, thus posing a serious threat. This calls for more effective methods to detect botnets on the Android platform. Hence, in this paper, we present a deep learning approach for Android botnet detection based on Convolutional Neural Networks (CNN). Our proposed botnet detection system is implemented as a CNN-based model that is trained on 342 static app features to distinguish between botnet apps and normal apps. The trained botnet detection model was evaluated on a set of 6,802 real applications containing 1,929 botnets from the publicly available ISCX botnet dataset. The results show that our CNN-based approach had the highest overall prediction accuracy compared to other popular machine learning classifiers. Furthermore, the performance results observed from our model were better than those reported in previous studies on machine learning based Android botnet detection.

Yamaguchi, S..  2020.  Botnet Defense System and Its Basic Strategy Against Malicious Botnet. 2020 IEEE International Conference on Consumer Electronics - Taiwan (ICCE-Taiwan). :1—2.

This paper proposes a basic strategy for Botnet Defense System (BDS). BDS is a cybersecurity system that utilizes white-hat botnets to defend IoT systems against malicious botnets. Once a BDS detects a malicious botnet, it launches white-hat worms in order to drive out the malicious botnet. The proposed strategy aims at the proper use of the worms based on the worms' capability such as lifespan and secondary infectivity. If the worms have high secondary infectivity or a long lifespan, the BDS only has to launch a few worms. Otherwise, it should launch as many worms as possible. The effectiveness of the strategy was confirmed through the simulation evaluation using agent-oriented Petri nets.

Kamilin, M. H. B., Yamaguchi, S..  2020.  White-Hat Worm Launcher Based on Deep Learning in Botnet Defense System. 2020 IEEE International Conference on Consumer Electronics - Asia (ICCE-Asia). :1—2.

This paper proposes a deep learning-based white-hat worm launcher in Botnet Defense System (BDS). BDS uses white-hat botnets to defend an IoT system against malicious botnets. White-hat worm launcher literally launches white-hat worms to create white-hat botnets according to the strategy decided by BDS. The proposed launcher learns with deep learning where is the white-hat worms' right place to successfully drive out malicious botnets. Given a system situation invaded by malicious botnets, it predicts a worms' placement by the learning result and launches them. We confirmed the effect of the proposed launcher through simulating evaluation.