An Active and Dynamic Botnet Detection Approach to Track Hidden Concept Drift

Authors: Zhi Wang, Meiqi Tian, Chunfu Jia

DOI: 10.1007/978-3-319-89500-0_55

Keywords:

Abstract: Nowadays, machine learning has been widely used as a core component in botnet detection systems. However, these algorithms assume that the underlying data distribution is stable between training and testing, which leaves them vulnerable to well-crafted concept drift attacks such as mimicry attacks, gradient descent attacks, poisoning attacks and so on. In this paper we present an active and dynamic approach to mitigate hidden concept drift attacks. Instead of passively waiting for false negatives, we actively look for the drift trend using statistical p-values before detection performance starts to degenerate. And besides periodically retraining, we dynamically reweight the predictive features to track the drift. We test on the public CTU captures provided by the Malware Capture Facility Project. The experiment results show that the approach gives insight into the drift and lets the model evolve to avoid model aging.
