Funding: Liaoning Province Applied Basic Research Program, 2023JH2/101600038.
Abstract: In the face of the increasingly severe botnet problem on the Internet, how to effectively detect botnet traffic in real time has become a critical problem. Although the existing deep Q-network (DQN) algorithm in deep reinforcement learning can solve the problem of real-time updating, its prediction results are always higher than the actual results. In botnet traffic detection, although it performs well on the training set, where the accuracy rate of predicting traffic is as high as %, its accuracy declines on the test set, and it is impossible to adjust its prediction strategy in time based on new data samples. Moreover, on a new dataset, its accuracy declines significantly. Therefore, this paper proposes a botnet traffic detection system based on double-layer DQN (DDQN). Two Q-values are designed to adjust the model in policy and action, respectively, to achieve real-time model updates and improve the universality and robustness of the model across different datasets. Experiments show that, compared with the DQN model, when using DDQN the Q-value is not too high, and the detection model has improved accuracy and precision on botnet traffic. Moreover, when using botnet datasets other than the test set, the accuracy and precision of the DDQN model are still higher than those of DQN.
Funding: This work was supported by the Ministry of Higher Education Malaysia's Fundamental Research Grant Scheme under Grant FRGS/1/2021/ICT07/USM/03/1.
Abstract: The cyber-criminal compromises end-hosts (bots) to configure a network of bots (botnet). Cyber-criminals are also looking for an evolved architecture that makes their techniques more resilient and stealthier, such as Peer-to-Peer (P2P) networks. P2P botnets leverage the privileges of the decentralized nature of P2P networks. Consequently, P2P botnets exploit the resilience of this architecture to be arduous against take-down procedures. Some P2P botnets are smarter, being stealthy in their Command-and-Control (C2) mechanisms and eluding the standard discovery mechanisms. Therefore, the other side of this cyberwar is the monitor. P2P botnet monitoring is an exacting mission because the monitoring must care about many aspects simultaneously. Some aspects pertain to the existing monitoring approaches, some pertain to the nature of P2P networks, and some to countering the botnets, i.e., the anti-monitoring mechanisms. All these challenges should be considered in P2P botnet monitoring. To begin with, this paper provides an anatomy of P2P botnets. Thereafter, this paper exhaustively reviews the existing monitoring approaches for P2P botnets and thoroughly discusses each to reveal its advantages and disadvantages. In addition, this paper groups the monitoring approaches into three groups: passive, active, and hybrid monitoring approaches. Furthermore, this paper also discusses the functional and non-functional requirements of advanced monitoring. In conclusion, this paper ends by epitomizing the challenges of the various aspects and gives future avenues for better monitoring of P2P botnets.
Abstract: The exponential growth in the development of smartphones and handheld devices is permeated by everyday activities, i.e., game applications, entertainment, online banking, social network sites, etc., and also allows end users to perform a variety of activities. Because of these activities, mobile devices attract cybercriminals to initiate attacks over a diverse range of malicious activities such as theft of unauthorized information, phishing, spamming, Distributed Denial of Service (DDoS), and malware dissemination. Botnet applications are a type of harmful attack that can be used to launch malicious activities and have become a significant threat in the research area. A botnet is a collection of infected devices that are managed by a botmaster and communicate with each other via a command server in order to carry out malicious attacks. With the rise in malicious attacks, detecting botnet applications has become more challenging. Therefore, it is essential to investigate mobile botnet attacks to uncover the security issues behind the severe financial and ethical damages caused by a massive coordinated command server. In the current state of the art, various solutions have been provided for the detection of botnet applications, but in general, researchers rely on various machine learning-based techniques with static features, which are usually ineffective for the detection of botnet applications when obfuscation techniques are used. In this paper, we propose an approach by exploring the concept of a deep learning-based method and present a well-defined Convolutional Neural Network (CNN) model. Using a visualization approach, we obtain colored images from the byte code files of applications and perform an experiment. For analysis of the experimental results, we differentiate the performance of the model from other existing research studies. Furthermore, our method outperforms with 94.34% accuracy, 92.9% precision, and 92% recall.
Funding: This work was supported by an Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korea government (MSIT) (No. 2021-0-00493, 5G Massive Next Generation Cyber Attack Deception Technology Development, 60%); by an IITP grant funded by the Korea government (MSIT) (No. 2021-0-01806, Development of Security by Design and Security Management Technology in Smart Factory, 30%); and by the Gachon University Research Fund of 2023 (GCU-202106330001%, 10%).
Abstract: The smart city comprises various infrastructures, including healthcare, transportation, manufacturing, and energy. A smart city's Internet of Things (IoT) environment constitutes a massive IoT environment encompassing numerous devices. As many devices are installed, managing security for the entire IoT device ecosystem becomes challenging, and the attack vectors accessible to attackers increase. However, these devices often have low power and specifications, lacking the same security features as general Information Technology (IT) systems, making them susceptible to cyberattacks. This vulnerability is particularly concerning in smart cities, where IoT devices are connected to essential support systems such as healthcare and transportation. Disruptions can lead to significant human and property damage. One representative attack that exploits IoT device vulnerabilities is the Distributed Denial of Service (DDoS) attack launched by forming an IoT botnet. In a smart city environment, the formation of IoT botnets can lead to extensive denial-of-service attacks, compromising the availability of services rendered by the city. Moreover, the same IoT devices are typically employed across various infrastructures within a smart city, making them potentially vulnerable to similar attacks. This paper addresses this problem by designing a defense process to effectively respond to IoT botnet attacks in smart city environments. The proposed defense process leverages the defense techniques of the MITRE D3FEND framework to mitigate the propagation of IoT botnets and support rapid and integrated decision-making by security personnel, enabling an immediate response.
Funding: The authors would like to thank the Deanship of Scientific Research at Majmaah University for supporting this work under Project No. R-2021-220.
Abstract: The evolution and expansion of IoT devices have reduced human effort, increased resource utilization, and saved time; however, IoT devices create significant challenges such as a lack of security and privacy, making them more vulnerable to IoT-based botnet attacks. There is a need to develop efficient and faster models that can work in real time with efficiency and stability. The present investigation developed two novel Deep Neural Network (DNN) models, DNNBoT1 and DNNBoT2, to detect and classify well-known IoT botnet attacks such as Mirai and BASHLITE from nine compromised industrial-grade IoT devices. PCA was utilized for feature extraction and to improve effective and accurate botnet classification in IoT environments. The models were designed based on rigorous hyperparameter tuning with GridSearchCV. Early stopping was utilized to avoid the effects of overfitting and underfitting for both DNN models. The in-depth assessment and evaluation of the developed models demonstrated that, in accuracy and efficiency, they are among the best-performing models. The novelty of the present investigation, with the developed models, bridges the gaps by using a real dataset with high accuracy and a significantly lower false alarm rate. The results were evaluated against earlier studies and deemed efficient at detecting botnet attacks using the real dataset.