
Student: Chen, Wei-Yu (陳威宇)
Thesis title: A Multi-type Botnet Classifier for Real Traffic Based on BotCluster (基於BotCluster的真實流量多類型殭屍網路分類器)
Advisor: Shieh, Ce-Kuen (謝錫堃)
Co-advisor: Chang, Jyh-Biau (張志標)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering
Year of publication: 2020
Graduation academic year: 108 (ROC calendar)
Language: English
Pages: 39
Keywords (Chinese, translated): real traffic, NetFlow, session features, multi-type botnet classification, convolutional neural network
Keywords (English): Real traffic, NetFlow, Multi-type Botnet Classify, Convolution neural network
Views: 116; Downloads: 0
Abstract (Chinese, translated): Current research on botnet detection has several limitations, such as relying on synthetic datasets, inspecting packet payloads, and only distinguishing benign from malicious samples. These limitations can make such methods unusable in the real world. Our previous work, BotCluster, is an unsupervised botnet detection system based on real NetFlow data, and its precision can reach 90%. Although BotCluster can detect malicious IPs in real-world traffic with high precision, it cannot classify multiple botnet types. In this thesis, we propose a multi-type botnet classifier based on BotCluster. We use the clustering ability of BotCluster to group similar behaviour from the synthetic dataset and the real traffic together, and thereby label the real traffic. In addition, we build a hierarchical convolutional neural network to classify multiple botnet types. Experiments show that the F1 score reaches 95.43% for the benign filter, 90.77% for the malicious filter and 97.81% for the botnet classifier, with an overall F1 score of 84.72%. The results show that labeling real-world traffic with BotCluster and using a hierarchical convolutional neural network to distinguish multiple botnet types is effective and can be realised in the real world.

Abstract (English): Recent research on botnet detection is not applicable in the real world due to several limitations: the use of synthetic datasets, the need to examine packet payloads, and the ability only to distinguish benign from malicious samples. Our previous work, BotCluster, is an unsupervised learning botnet detection system based on real-world NetFlow, and its precision can reach 90%. However, it still cannot classify multiple botnet types. In this thesis, we present a multi-type botnet classifier based on BotCluster. We use the clustering ability and session feature extraction of BotCluster to aggregate similar behaviour from the synthetic dataset and the real traffic, and thereby label the real traffic. In addition, we construct a hierarchical convolutional neural network to classify multiple botnet types. The experiment shows that the F1 score of the Benign Filter reaches 95.43%, the Malicious Filter 90.77% and the Botnet Classifier 97.81%, with an overall F1 score of 84.72%. The experimental results also show that our classifier is effective and can be implemented in the real world by labeling real-world traffic with BotCluster and classifying it with a hierarchical convolutional neural network.

Table of contents (page numbers refer to the thesis):

Chapter 1: Introduction 1
Chapter 2: Background & Related Works 3
  2.1 Background: Session-based Approach 3
  2.2 Background: BotCluster 4
  2.3 Related Works 5
Chapter 3: Methodology 9
  3.1 Overview 9
  3.2 Hierarchical Detection 10
    3.2.1 Benign Filter 11
    3.2.2 Malicious Filter 11
    3.2.3 Botnet Classifier 12
  3.3 Data Preprocessing 12
    3.3.1 Real Traffic Labeling 13
    3.3.2 Session Restoration 13
    3.3.3 Window-based Parameter Selection 14
    3.3.4 Data Cleansing 15
  3.4 Features 17
Chapter 4: Implementation 18
  4.1 Synthetic Datasets Preprocessing 18
  4.2 IP Pair Labeling 18
  4.3 Data Cleansing 19
  4.4 Data Split 21
  4.5 Convolution Neural Network Architecture 22
Chapter 5: Experiment 23
  5.1 Experimental Environment 23
  5.2 Dataset 23
    5.2.1 Synthetic Dataset 23
    5.2.1 Real-world NetFlow 25
  5.3 Evaluation Criteria 26
  5.4 Experiment Flow 26
  5.5 Convolution Neural Network 27
  5.6 The Effect of Data Cleansing Threshold 28
  5.7 The Influence of Window Size and Step 29
  5.8 Testing 30
  5.9 Time Evaluation 32
  5.10 Without Hierarchical Detection 33
  5.11 Behavior Vector Visualization 34
Chapter 6: Conclusion 35
Chapter 7: Future Work 36
Chapter 8: References 37


Full-text availability: on campus from 2024-12-31; off campus from 2024-12-31