A botnet is one of the most grievous threats to network security because it can give rise to many attacks, such as Denial-of-Service (DoS), spam, and phishing. However, current detection methods are inefficient at identifying unknown botnets, and the high-speed network environment makes botnet detection more difficult. To solve these problems, we improve on the progress of packet-processing technologies such as New Application Programming Interface (NAPI) and zero copy, and propose an efficient quasi-real-time intrusion detection system. Our work detects botnets using a supervised machine learning approach in a high-speed network environment. Our contributions are summarized as follows: (1) We build a detection framework that uses PF_RING to sniff and process network traces and extract flow features dynamically. (2) We use a random forest model to extract promising conversation features. (3) We analyze the performance of different classification algorithms. The proposed method is demonstrated on the well-known CTU13 dataset and nonmalicious applications. The experimental results show that our conversation-based detection approach can identify botnets with higher accuracy and a lower false positive rate than the flow-based approach.
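To make the flow-based versus conversation-based distinction concrete, the following added example (not code from the paper) groups flow records into conversations and derives per-conversation features. The record layout, the definition of a conversation as the unordered pair of endpoint addresses, the feature names, and the sample flows are all assumptions; the abstract does not list the paper's actual feature set.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (not taken from CTU13). Assumed layout:
# (src_ip, src_port, dst_ip, dst_port, proto, start_s, duration_s, packets, bytes)
FLOWS = [
    ("10.0.0.5", 49152, "203.0.113.9", 443, "tcp", 0.0, 1.2, 10, 1400),
    ("10.0.0.5", 49153, "203.0.113.9", 443, "tcp", 60.0, 1.1, 10, 1380),
    ("203.0.113.9", 443, "10.0.0.5", 49154, "tcp", 120.0, 1.3, 11, 1420),
    ("10.0.0.5", 49155, "203.0.113.9", 443, "tcp", 180.0, 1.2, 10, 1400),
    ("10.0.0.7", 50000, "198.51.100.20", 80, "tcp", 5.0, 30.0, 900, 1200000),
    ("10.0.0.7", 50001, "198.51.100.20", 80, "tcp", 47.0, 2.0, 40, 52000),
]


def conversation_key(flow):
    """Direction-independent key: the unordered pair of endpoint addresses."""
    return tuple(sorted((flow[0], flow[2])))


def conversation_features(flows):
    """Group flows by endpoint pair and compute per-conversation features."""
    groups = defaultdict(list)
    for f in flows:
        groups[conversation_key(f)].append(f)
    out = {}
    for key, fs in groups.items():
        fs.sort(key=lambda f: f[5])  # order flows by start time
        # Time between consecutive flow starts; a single flow has no gaps.
        gaps = [b[5] - a[5] for a, b in zip(fs, fs[1:])]
        sizes = [f[8] for f in fs]
        out[key] = {
            "flows": len(fs),
            "total_bytes": sum(sizes),
            "mean_bytes_per_flow": mean(sizes),
            "bytes_stdev": pstdev(sizes),
            "mean_gap_s": mean(gaps) if gaps else 0.0,
            "gap_stdev_s": pstdev(gaps) if gaps else 0.0,
            "mean_duration_s": mean(f[6] for f in fs),
        }
    return out


if __name__ == "__main__":
    for pair, feats in conversation_features(FLOWS).items():
        print(pair, feats)
```

Each flow in the first constructed conversation looks unremarkable on its own; the regular 60-second spacing and near-constant size only appear once the flows are aggregated, which is the kind of signal a per-flow feature vector cannot carry.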
from #AlexandrosSfakianakis via Alexandros G.Sfakianakis on Inoreader http://ift.tt/2od5j0Z