Traffic Feature-Based Botnet Detection Scheme Emphasizing the Importance of Long Patterns

Yichen An, Shuichiro Haruta, Sanghun Choi, Iwao Sasase

Research output: Conference contribution

Abstract

Botnet detection is imperative. Among several detection schemes, a promising one uses communication sequences. The main idea of that scheme is that communication sequences exhibit distinctive features because they are controlled by programs. Each sequence is tokenized into truncated sequences by n-gram, and the number of occurrences of each pattern is used as a feature vector. However, although the features are normalized by the total number of all patterns' occurrences, patterns with larger n occur less often than those with smaller n. That is, regardless of the value of n, the previous scheme normalizes by the total number of all patterns' occurrences. As a result, the normalized features of long patterns become very small values and are hidden by the others. To overcome this shortcoming, in this paper we propose a traffic feature-based botnet detection scheme emphasizing the importance of long patterns. We realize the emphasis with two ideas. The first idea is normalizing occurrences by the total number of occurrences in each n instead of the total number of all patterns' occurrences. By doing this, the smaller occurrence counts in larger n are normalized by smaller values, and the features become more balanced, with larger values. The second idea is giving weights to the normalized features by calculating the ranks of the normalized features. By weighting features according to their ranks, we obtain more prominent features for longer patterns. Through computer simulation with a real dataset, we show the effectiveness of our scheme.
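The difference between the two normalizations described in the abstract can be seen on a small sequence. The following is an added example, not code from the paper: it covers only the first idea (per-n normalization), since the abstract does not give the rank-weighting formula. The symbol encoding, the sample sequence and all function names are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample: one host's communication sequence, each symbol standing
# for a flow state (an assumed encoding; the abstract does not define one).
SEQUENCE = list("ABABCABABCABABD")
N_VALUES = (1, 2, 3)

def ngram_counts(seq, n):
    """Count every contiguous length-n pattern in the sequence."""
    return Counter(tuple(seq[i:i + n]) for i in range(len(seq) - n + 1))

def global_normalized(seq, n_values=N_VALUES):
    """Previous scheme: divide by the total occurrences over all n."""
    counts = {n: ngram_counts(seq, n) for n in n_values}
    total = sum(sum(c.values()) for c in counts.values())
    return {p: k / total for c in counts.values() for p, k in c.items()}

def per_n_normalized(seq, n_values=N_VALUES):
    """First idea of the proposal: divide by the total for the same n."""
    features = {}
    for n in n_values:
        c = ngram_counts(seq, n)
        total_n = sum(c.values())
        features.update({p: k / total_n for p, k in c.items()})
    return features

def mass_by_length(features):
    """Sum of feature values per pattern length."""
    mass = Counter()
    for pattern, value in features.items():
        mass[len(pattern)] += value
    return dict(mass)

if __name__ == "__main__":
    g, p = global_normalized(SEQUENCE), per_n_normalized(SEQUENCE)
    # Same pattern, two normalizations: the 3-gram grows the most under per-n.
    for pattern in [("A",), ("A", "B"), ("A", "B", "A")]:
        print(pattern, round(g[pattern], 4), round(p[pattern], 4))
    print(mass_by_length(g), mass_by_length(p))
```
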

Original language: English
Title of host publication: Image Processing and Communications - Techniques, Algorithms and Applications, IP and C 2019
Editors: Michal Choras, Ryszard S. Choras
Publisher: Springer Verlag
Pages: 181-188
Number of pages: 8
ISBN (Print): 9783030312534
DOI: https://doi.org/10.1007/978-3-030-31254-1_22
Publication status: Published - 2020/1/1
Event: International Conference on Image Processing and Communications, IP and C 2019 - Bydgoszcz, Poland
Duration: 2019/9/11 - 2019/9/13

Publication series

Name: Advances in Intelligent Systems and Computing
Volume: 1062
ISSN (Print): 2194-5357
ISSN (Electronic): 2194-5365

Conference

Conference: International Conference on Image Processing and Communications, IP and C 2019
Country: Poland
City: Bydgoszcz
Period: 19/9/11 - 19/9/13

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Computer Science (all)


  • Cite this

    An, Y., Haruta, S., Choi, S., & Sasase, I. (2020). Traffic Feature-Based Botnet Detection Scheme Emphasizing the Importance of Long Patterns. In M. Choras, & R. S. Choras (Eds.), Image Processing and Communications - Techniques, Algorithms and Applications, IP and C 2019 (pp. 181-188). (Advances in Intelligent Systems and Computing; Vol. 1062). Springer Verlag. https://doi.org/10.1007/978-3-030-31254-1_22