| Graduate student: | Yang, Shan-Hong (楊善閎) |
|---|---|
| Thesis title: | A Two-phase Multi-class Labeling Approach for Real-world Traffic (一個兩階段式真實網路流量多分類標記方法) |
| Advisor: | Chen, Zhong-He (陳中和) |
| Co-advisor: | Shieh, Ce-Kuen (謝錫堃) |
| Degree: | Master |
| Department: | College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering |
| Year of publication: | 2023 |
| Academic year of graduation: | 111 |
| Language: | English |
| Number of pages: | 33 |
| Chinese keywords: | 殭屍網路多分類、資料標記、群聚演算法、自我學習 |
| English keywords: | Botnet multiclass classification, data labeling, clustering algorithm, self-learning |
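In the field of network security, botnets have become an increasingly serious threat. Different types of botnets exhibit different behavior patterns and characteristics, such as Waledac, which spreads malicious links, TrickBot, which steals account credentials, and Smominru, which mines cryptocurrency. This study is dedicated to real-time detection of botnet activity and develops a multi-class labeling system for real-world network traffic. Using clustering algorithms and semi-supervised learning, the system can label benign traffic and perform multi-class labeling of P2P and C&C botnet traffic. We use HDBSCAN to cluster synthetic datasets and real-world data, significantly improving labeling coverage. The remaining traffic is labeled as an unknown class and identified in the second phase, where we apply a semi-supervised learning method. Comparative analysis shows that HDBSCAN outperforms DBSCAN in clustering quality, accurately clustering 11% more data. Notably, compared with previous research, our system shows a significant improvement in data labeling. This research provides an effective solution for botnet labeling in the network security field and can help detect and prevent malicious botnet activity.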
In the realm of cybersecurity, botnets pose an escalating threat, with diverse types exhibiting unique behavior patterns and characteristics. This study addresses the need for real-time detection of botnet activities by developing a multi-class labeling system for real-world traffic. By utilizing clustering algorithms and semi-supervised learning, the system is capable of labeling benign traffic and performing multi-class labeling of P2P and C&C botnet traffic. HDBSCAN is utilized to cluster synthetic and real-world datasets, significantly improving the labeling coverage. The remaining traffic is labeled as unknown and subjected to identification using a semi-supervised learning approach. A comparative analysis reveals the superior performance of HDBSCAN over DBSCAN, accurately clustering 11% more data. Notably, our system demonstrates substantial enhancements in data labeling compared to prior research. This research offers an effective solution for botnet labeling in network security, facilitating the detection and prevention of malicious botnet activities.
On-campus access: available from 2028-08-15