A botnet is one of the most grievous threats to network security, since it can evolve into many attacks, such as Denial-of-Service (DoS), spam, and phishing. However, current detection methods are inefficient at identifying unknown botnets, and the high-speed network environment makes botnet detection more difficult. To solve these problems, we improve on the progress of packet processing technologies such as New Application Programming Interface (NAPI) and zero copy, and propose an efficient quasi-real-time intrusion detection system. Our work detects botnets using a supervised machine learning approach in a high-speed network environment. Our contributions are summarized as follows: (1) Build a detection framework using PF_RING for sniffing and processing network traces to extract flow features dynamically. (2) Use a random forest model to extract promising conversation features. (3) Analyze the performance of different classification algorithms. The proposed method is demonstrated on the well-known CTU13 dataset and nonmalicious applications. The experimental results show that our conversation-based detection approach can identify botnets with higher accuracy and a lower false positive rate than the flow-based approach.
from #AlexandrosSfakianakis via Alexandros G.Sfakianakis on Inoreader http://ift.tt/2od5j0Z