Multiclass Botnet Detection and Countermeasures Selection

  • Farhan Tariq (Center for Advance Studies in Engineering, Muslim Youth University)
  • Shamim Baig (Center for Advance Studies in Engineering, Muslim Youth University)
  • Received : 2024.05.05
  • Published : 2024.05.30

Abstract

Botnet attacks are growing in number and keep adopting new evasion techniques, which makes it infeasible to completely secure a complex computer network. Since infections are likely to happen anyway, timely detection of and response to them is what stops an attacker before damage is done. Current practice in traditional IP networks requires manual intervention to respond to a detected malicious infection; this manual response process is prone to delay and increases the risk of damage. To automate it, this paper proposes selecting relevant countermeasures automatically for a detected botnet infection. The proposed approach uses the concept of a flow trace to detect botnet behaviour patterns in current and historical network activity. A multiclass machine learning model detects the botnet activity and classifies it as IRC, HTTP, or P2P botnet traffic. This classification is used to calculate a risk score for the detected infection, and the relevant countermeasures are then selected from the available pool based on that risk score.
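The following is an added illustration of the pipeline the abstract describes (flow traces, a multiclass family classifier, a risk score, and countermeasure selection from a pool), not the paper's own code. The abstract gives neither the feature set, the learning algorithm, the risk formula nor the countermeasure pool, so everything below is an assumption chosen for the demonstration: a nearest-centroid classifier on six hand-picked flow features, a risk score that multiplies an assumed per-family severity weight by an assumed asset value and the vote confidence, and a four-entry pool keyed by risk threshold. Detection of botnet traffic versus benign traffic is assumed to have happened upstream; the traces fed in are already flagged. All traces are constructed.

```python
"""Added worked example of: flow trace -> multiclass family classifier ->
risk score -> countermeasure. Not the paper's code; features, classifier,
weights, asset values and the countermeasure pool are assumptions."""
import math
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowTrace:
    """One host's summarised traffic to one destination over an observation window."""
    host: str
    dst_port: int
    proto: str           # "tcp" or "udp"
    pkts: int
    bytes: int
    duration_s: float
    distinct_peers: int  # remote IPs contacted in the window (high for P2P)


def features(t: FlowTrace) -> list:
    """Assumed feature vector; the paper's actual flow features are not given in the abstract."""
    return [
        1.0 if 6660 <= t.dst_port <= 6669 else 0.0,   # classic IRC port range
        1.0 if t.dst_port in (80, 443, 8080) else 0.0, # web C2 hides in HTTP(S)
        1.0 if t.proto == "udp" else 0.0,              # P2P overlays favour UDP
        t.bytes / max(t.pkts, 1),                      # bytes per packet
        math.log10(t.duration_s + 1),                  # long-lived vs short flows
        float(t.distinct_peers),
    ]


class NearestCentroid:
    """Minimal multiclass classifier: min-max scale features, then pick the
    family whose training centroid is closest (Euclidean distance)."""

    def fit(self, traces, labels):
        X = [features(t) for t in traces]
        cols = list(zip(*X))
        self.lo = [min(c) for c in cols]
        self.span = [(max(c) - min(c)) or 1.0 for c in cols]  # avoid /0 on constant columns
        sums = defaultdict(lambda: [0.0] * len(self.lo))
        counts = Counter(labels)
        for x, y in zip(X, labels):
            for i, v in enumerate(self._scale(x)):
                sums[y][i] += v
        self.centroids = {y: [v / counts[y] for v in s] for y, s in sums.items()}
        return self

    def _scale(self, x):
        return [(v - lo) / sp for v, lo, sp in zip(x, self.lo, self.span)]

    def predict(self, t: FlowTrace) -> str:
        x = self._scale(features(t))
        return min(self.centroids, key=lambda y: math.dist(x, self.centroids[y]))


FAMILY_WEIGHT = {"irc": 0.6, "http": 0.7, "p2p": 0.9}  # assumed severity per family
ASSET_VALUE = {"srv": 1.0, "ws": 0.5}                  # assumed value by host-name prefix

# Assumed countermeasure pool: (name, minimum risk score at which it applies)
COUNTERMEASURES = [
    ("log and monitor", 0.0),
    ("rate-limit flows to the C2 destination", 0.3),
    ("block the C2 destination at the edge", 0.5),
    ("quarantine host into remediation VLAN", 0.7),
]


def risk_score(family: str, host: str, confidence: float) -> float:
    """Assumed risk formula: family severity x asset value x vote confidence."""
    role = host.split("-")[0]
    return round(FAMILY_WEIGHT[family] * ASSET_VALUE.get(role, 0.5) * confidence, 3)


def select_countermeasure(score: float) -> str:
    """Strongest countermeasure whose threshold the score reaches."""
    applicable = [cm for cm in COUNTERMEASURES if score >= cm[1]]
    return max(applicable, key=lambda cm: cm[1])[0]


def respond(model: NearestCentroid, traces) -> dict:
    """Group flagged traces per host, majority-vote the family, score, select."""
    by_host = defaultdict(list)
    for t in traces:
        by_host[t.host].append(model.predict(t))
    result = {}
    for host, votes in by_host.items():
        family, agree = Counter(votes).most_common(1)[0]
        score = risk_score(family, host, agree / len(votes))
        result[host] = (family, score, select_countermeasure(score))
    return result


TRAIN = [  # constructed labelled traces
    (FlowTrace("ws-1", 6667, "tcp", 40, 4000, 600, 1), "irc"),
    (FlowTrace("ws-2", 6668, "tcp", 60, 5400, 900, 1), "irc"),
    (FlowTrace("ws-3", 80, "tcp", 20, 12000, 5, 1), "http"),
    (FlowTrace("ws-4", 443, "tcp", 30, 18000, 8, 2), "http"),
    (FlowTrace("ws-5", 51413, "udp", 200, 40000, 300, 35), "p2p"),
    (FlowTrace("ws-6", 6881, "udp", 150, 30000, 200, 28), "p2p"),
]
DETECTED = [  # constructed traces already flagged as botnet traffic upstream
    FlowTrace("ws-7", 6667, "tcp", 50, 4500, 700, 1),
    FlowTrace("ws-8", 80, "tcp", 25, 15000, 6, 1),
    FlowTrace("srv-1", 4444, "udp", 180, 36000, 250, 30),
    FlowTrace("srv-1", 6881, "udp", 120, 24000, 180, 25),
]
MODEL = NearestCentroid().fit([t for t, _ in TRAIN], [y for _, y in TRAIN])

if __name__ == "__main__":
    for host, (family, score, action) in respond(MODEL, DETECTED).items():
        print(f"{host}: {family} botnet, risk={score}, action={action}")
```

Two design points carry over to a real deployment regardless of the model used: the family label feeds the risk score rather than being the end result, so a P2P infection on a server (hard to sinkhole, high asset value) lands on quarantine while the same classifier's IRC verdict on a workstation only triggers rate-limiting; and the pool is ordered by threshold, so a tuned score moves a host between responses without touching the classifier.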

References

  1. F. Tariq and S. Baig, "Multiclass Machine Learning Based Botnet Detection in Software Defined Networks," IJCSNS, vol. 19, no. 3, p. 150, 2019.
  2. Nespoli, Pantaleone, et al. "Optimal countermeasures selection against cyber attacks: A comprehensive survey on reaction frameworks." IEEE Communications Surveys & Tutorials 20.2 (2017): 1361-1396.
  3. Chung, Chun-Jen, et al. "NICE: Network intrusion detection and countermeasure selection in virtual network systems." IEEE transactions on dependable and secure computing 10.4 (2013): 198-211.
  4. F. Tariq and S. Baig, "Botnet classification using centralized collection of network flow counters in software defined networks," Int. J. Comput. Sci. Inf. Secur., vol. 14, no. 8, p.
  5. F. Tariq and S. Baig, "Machine learning based botnet detection in software defined networks," Int. J. Secur. Its Appl., vol. 11, no. 11, pp. 1-11, 2017.
  6. Koulouris, Theofrastos, M. Casassa Mont, and Simon Arnell. "SDN4S: Software defined networking for security." Hewlett Packard Labs, Palo Alto, CA, USA, Tech. Rep (2017).
  7. Chakir, El Mostapha, Mohamed Moughit, and Youness Idrissi Khamlichi. "A real-time risk assessment model for intrusion detection systems." 2017 International Symposium on Networks, Computers and Communications (ISNCC). IEEE, 2017.
  8. Chakir, El Mostapha, Mohamed Moughit, and Youness Idrissi Khamlichi. "A real-time risk assessment model for intrusion detection systems." 2017 International Symposium on Networks, Computers and Communications (ISNCC). IEEE, 2017.
  9. N. Poolsappasit, R. Dewri, and I. Ray, "Dynamic security risk management using bayesian attack graphs," IEEE Trans. Dependable and Secure Computing, vol. 9, no. 1, pp. 61-74, Feb. 2012.
  10. Open Networking Fundation, "Software-defined networking: The new norm for networks," ONF White Paper, Apr. 2012.
  11. Wang, Lingyu, Anyi Liu, and Sushil Jajodia. "Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts." Computer communications 29.15 (2006): 2917-2933.
  12. Cichonski, Paul, et al. "Computer security incident handling guide." NIST Special Publication 800.61 (2012): 1-147.
  13. Don, Moira West-Brown, et al. "Handbook for computer security incident response teams (CSIRTs)." (1998).
  14. Wagner, Neal, et al. "Towards automated cyber decision support: A case study on network segmentation for security." 2016 IEEE Symposium Series on Computational Intelligence (SSCI). IEEE, 2016.
  15. Poolsappasit, Nayot, Rinku Dewri, and Indrajit Ray. "Dynamic security risk management using bayesian attack graphs." IEEE Transactions on Dependable and Secure Computing 9.1 (2011): 61-74.
  16. Modi, Ajay, and A. Doupe. "Automated Confidence Score Measurement of Threat Indicators." (2017).