Detecting Stealthy Botnets in a Resource-Constrained Environment using Reinforcement Learning

Authors: Sridhar Venkatesan, Massimiliano Albanese, Ankit Shah, Rajesh Ganesan, Sushil Jajodia

DOI: 10.1145/3140549.3140552

Keywords:

Abstract: Modern botnets can persist in networked systems for extended periods of time by operating in a stealthy manner. Despite the progress made in the area of botnet prevention, detection, and mitigation, stealthy botnets continue to pose a significant risk to enterprises. Furthermore, existing enterprise-scale solutions require significant resources to operate effectively, and thus they are not practical. In order to address this important problem in a resource-constrained environment, we propose a reinforcement learning based approach to optimally and dynamically deploy a limited number of defensive mechanisms, namely honeypots and network-based detectors, within the target network. The ultimate goal of the proposed approach is to reduce the lifetime of stealthy bots by maximizing the number of bots identified and taken down through a sequential decision-making process. We provide a proof-of-concept of the proposed approach, and study its performance in a simulated environment. The results show that the proposed approach is promising in protecting against stealthy botnets.
