Data Randomization and Cluster-Based Partitioning for Botnet Intrusion Detection

Authors: Omar Y. Al-Jarrah, Omar Alhussein, Paul D. Yoo, Sami Muhaidat, Kamal Taha

DOI: 10.1109/TCYB.2015.2490802

Keywords:

Abstract: Botnets, which consist of remotely controlled compromised machines called bots, provide a distributed platform for several threats against cyber world entities and enterprises. An intrusion detection system (IDS) provides an efficient countermeasure against botnets. It continually monitors and analyzes network traffic for potential vulnerabilities and the possible existence of active attacks. A payload-inspection-based IDS (PI-IDS) identifies intrusion attempts by inspecting the transmission control protocol or user datagram protocol packet's payload and comparing it with previously seen attack signatures. However, the PI-IDS's ability to detect intrusions might be incapacitated by packet encryption. A traffic-based IDS (T-IDS) alleviates the shortcomings of the PI-IDS, as it does not inspect the payload; instead, it uses the packet header to identify intrusions. As the network grows rapidly, not only the detection rate is critical, but efficiency and scalability also become more significant. In this paper, we propose a state-of-the-art T-IDS built on a novel randomized data partitioned learning model (RDPLM), relying on compact feature set selection techniques, simplified subspacing, and a multiple meta-learning technique. The proposed model has achieved 99.984% accuracy and 21.38 s training time on a well-known benchmark botnet dataset. Experiment results demonstrate that the methodology outperforms other machine-learning models used in the same task, namely sequential minimal optimization, deep neural network, C4.5, reduced error pruning tree, and randomTree.
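The abstract's central contrast is between a PI-IDS, which matches payload bytes against stored signatures and is blinded once the payload is encrypted, and a T-IDS, which derives its features from packet headers only. The following Python is an added illustration of that contrast, not code from the paper or an implementation of its RDPLM model: the `Packet` record, the `BOT-KEEPALIVE` signature, the XOR "encryption", the three sample flows and the `beacon_like` threshold rule are all constructed here for demonstration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass
class Packet:
    """Minimal packet record: the first seven fields are header information,
    only `payload` is application data (constructed for this example)."""
    src: str
    dst: str
    sport: int
    dport: int
    proto: str      # "TCP" or "UDP"
    length: int     # total packet length in bytes, taken from the header
    ts: float       # capture timestamp in seconds
    payload: bytes


FlowKey = Tuple[str, str, int, int, str]

# Constructed stand-in for a stored attack signature a PI-IDS would match on.
SIGNATURE = b"BOT-KEEPALIVE"


def pi_ids_alerts(packets: Iterable[Packet]) -> List[Packet]:
    """PI-IDS: flag every packet whose payload contains a known signature.
    This is exactly the check that stops working once payloads are encrypted."""
    return [p for p in packets if SIGNATURE in p.payload]


def flow_key(p: Packet) -> FlowKey:
    return (p.src, p.dst, p.sport, p.dport, p.proto)


def t_ids_features(packets: Iterable[Packet]) -> Dict[FlowKey, Dict[str, float]]:
    """T-IDS: group packets into flows by the 5-tuple and compute per-flow
    features from header fields and timestamps only; `payload` is never read."""
    flows: Dict[FlowKey, List[Packet]] = defaultdict(list)
    for p in packets:
        flows[flow_key(p)].append(p)
    features: Dict[FlowKey, Dict[str, float]] = {}
    for key, pkts in flows.items():
        pkts = sorted(pkts, key=lambda p: p.ts)
        lengths = [p.length for p in pkts]
        gaps = [b.ts - a.ts for a, b in zip(pkts, pkts[1:])]
        mean_gap = sum(gaps) / len(gaps) if gaps else 0.0
        jitter = (sum((g - mean_gap) ** 2 for g in gaps) / len(gaps)) ** 0.5 if gaps else 0.0
        features[key] = {
            "n_packets": float(len(pkts)),
            "mean_len": sum(lengths) / len(lengths),
            "len_spread": float(max(lengths) - min(lengths)),
            "mean_iat": mean_gap,        # mean inter-arrival time
            "iat_jitter": jitter,        # std-dev of inter-arrival time
        }
    return features


def beacon_like(f: Dict[str, float], min_packets: int = 5,
                max_jitter: float = 0.05, max_len_spread: float = 8.0) -> bool:
    """Constructed threshold rule (not the paper's learned model): a flow of
    several fixed-size packets sent at a very regular interval resembles
    command-and-control beaconing, whatever the payload contains."""
    return (f["n_packets"] >= min_packets
            and f["iat_jitter"] <= max_jitter
            and f["len_spread"] <= max_len_spread)


def xor_encrypt(data: bytes, key: bytes) -> bytes:
    """Toy symmetric cipher used only to hide the signature from the PI-IDS."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_sample_traffic() -> List[Packet]:
    """Three constructed flows: plaintext beacons, the same beacons with an
    encrypted payload, and an ordinary web download with varying packet sizes."""
    pkts: List[Packet] = []
    key = b"\x5a\xa7\x13\xc4"
    for i in range(6):
        body = SIGNATURE + b"#" + str(i).encode()          # 15 bytes each
        pkts.append(Packet("10.0.0.5", "203.0.113.9", 40001, 8080, "TCP",
                           40 + len(body), 100.0 + 30.0 * i, body))
        pkts.append(Packet("10.0.0.6", "203.0.113.9", 40002, 8080, "TCP",
                           40 + len(body), 200.0 + 30.0 * i, xor_encrypt(body, key)))
    web = [(400, 0.0), (1500, 0.02), (1500, 0.03), (900, 0.5), (1500, 1.7), (60, 2.1)]
    for ln, t in web:
        pkts.append(Packet("10.0.0.7", "198.51.100.20", 51000, 443, "TCP",
                           ln, 300.0 + t, b"\x16\x03\x03\x00" * 2))
    return pkts


if __name__ == "__main__":
    traffic = build_sample_traffic()
    print("PI-IDS alerts (plaintext beacons only):", len(pi_ids_alerts(traffic)))
    for key, f in t_ids_features(traffic).items():
        print(key, "beacon-like" if beacon_like(f) else "normal", f)
```

Run as a script, the PI-IDS raises six alerts, all on the plaintext flow from 10.0.0.5, and none on the encrypted flow from 10.0.0.6, even though both carry the same beacon. The header-derived feature vectors of the two beacon flows are identical, so a T-IDS classifier that consumes them treats the encrypted flow exactly like the plaintext one, while the web flow's wide spread of packet sizes and irregular timing keeps it out of the beacon class. The threshold rule stands in for the learned model only to make the feature contrast visible; a real T-IDS would train a classifier on such features, as the paper does on a benchmark dataset.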
