A Novel Method for Detecting Botnets in Networks Based on Markov Chains

Article type: Research article

Authors

1 Department of Computer Engineering, Neishabour Branch, Islamic Azad University, Neishabour, Iran

2 Department of Computer Engineering, Mashhad Branch, Islamic Azad University, Mashhad, Iran

3 Department of Computer Engineering, Quchan Branch, Islamic Azad University, Quchan, Iran

Abstract

Botnets currently account for a wide range of Internet attacks. A botnet is a network of infected, Internet-connected computers that are controlled remotely. Much research has been carried out in this area based on the signatures of previously discovered botnets, anomalies, traffic behaviour, and addresses. So far these methods have not achieved a high detection rate, especially for botnets that reveal their characteristic behaviour only under specific conditions; alternatively, they must retain the bot's entire past for comparison, which in some cases requires a very large memory and becomes impractical. The aim of this research is to propose a structure for the detection process; in this work it is built on a Markov chain and avoids storing history. The proposed Markov chain does not require a memory of past observations and is based on behavioural analysis. The proposed method examines botnet behaviour by inspecting a behavioural region, and does so better than earlier approaches; in this way the entire flow need not be examined, only specific points, which reduces the computational overhead. In this research several metrics, including mean squared error, accuracy and precision, were evaluated, and in all of them the proposed method performed considerably better than the other methods compared.
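As an added illustration that is not the paper's own code, the following shows the memoryless behavioural scoring the abstract describes: a first-order Markov chain trained on benign per-host flow behaviour, scored online so that only the previous state is retained. The behaviour states, traces and threshold rule are constructed assumptions for this example, not the paper's feature set.

```python
import math
from collections import defaultdict

# Constructed behavioural states that a per-host flow classifier would emit for
# each successive flow. The labels are an assumption for this example, not the
# feature set used by the paper.
STATES = ("DNS", "WEB", "MAIL", "FAIL", "BEACON")

class MarkovFlowModel:
    """First-order Markov chain over flow states, trained on benign traffic only."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha  # Laplace smoothing: unseen transitions keep a probability > 0
        self.counts = defaultdict(lambda: defaultdict(int))

    def train(self, sequences):
        for seq in sequences:
            for prev, cur in zip(seq, seq[1:]):
                self.counts[prev][cur] += 1

    def transition_prob(self, prev, cur):
        row = self.counts.get(prev, {})
        return (row.get(cur, 0) + self.alpha) / (sum(row.values()) + self.alpha * len(STATES))

    def score(self, seq):
        """Mean negative log-likelihood per transition, computed online.
        Only the previous state and two running numbers are kept, so the
        detector never stores the host's flow history (the Markov property)."""
        prev, nll, n = seq[0], 0.0, 0
        for cur in seq[1:]:
            nll -= math.log(self.transition_prob(prev, cur))
            prev, n = cur, n + 1
        return nll / n if n else 0.0

# Constructed benign traces: browsing with occasional DNS, mail and one failed flow.
BENIGN = [
    "WEB WEB DNS WEB WEB WEB DNS WEB MAIL WEB WEB DNS WEB WEB WEB".split(),
    "DNS WEB WEB WEB DNS WEB WEB MAIL WEB DNS WEB WEB WEB WEB WEB".split(),
    "WEB DNS WEB WEB WEB WEB DNS WEB WEB WEB FAIL WEB WEB DNS WEB".split(),
]
# Constructed infected-host trace: periodic C2 beacons and repeated failures,
# a pattern the benign chain never learned, so its transitions score as rare.
INFECTED = "DNS BEACON BEACON FAIL BEACON BEACON FAIL BEACON BEACON BEACON".split()

def build_detector(benign=BENIGN, margin=1.25):
    """Train on benign traffic and derive a threshold from its own scores.
    A real deployment would calibrate the threshold on held-out benign traffic."""
    model = MarkovFlowModel()
    model.train(benign)
    return model, margin * max(model.score(s) for s in benign)

def is_botnet(model, threshold, seq):
    return model.score(seq) > threshold
```

Because the score is a running mean over transitions, a detector can flag a host as soon as its recent transitions become improbable, without replaying the whole flow history.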

Keywords


Article title [English]

Providing a new solution to botnet detection in a Markov chain-based network

Authors [English]

  • A. Ezzatneshan 1
  • Seyed Reza Kamel Tabbakh Farizani 2
  • M. Kheirabadi 1
  • R. Ghaemi 3
1 Department of Computer Engineering, Neishabour Branch, Islamic Azad University, Neishabour, Iran
2 Department of Computer Engineering, Mashhad Branch, Islamic Azad University, Mashhad, Iran
3 Department of Computer Engineering, Quchan Branch, Islamic Azad University, Quchan, Iran
Abstract [English]

Botnets currently account for a wide range of Internet attacks. A botnet is a network of infected, Internet-connected computers that are controlled remotely. Much research has been carried out in this area based on the signatures of previously discovered botnets, anomalies, traffic behaviour, and addresses. So far these methods have not achieved a high detection rate, especially for botnets that reveal their characteristic behaviour only under specific conditions; alternatively, they must retain the bot's entire past for comparison, which in some cases requires a very large memory and becomes impractical. The aim of this research is to propose a structure for the detection process; in this work it is built on a Markov chain and avoids storing history. The proposed Markov chain does not require a memory of past observations and is based on behavioural analysis. The proposed method examines botnet behaviour by inspecting a behavioural region, and does so better than earlier approaches; in this way the entire flow need not be examined, only specific points, which reduces the computational overhead. In this research several metrics, including mean squared error, accuracy and precision, were evaluated, and in all of them the proposed method performed considerably better than the other methods compared.

Keywords [English]

  • Markov chain
  • botnet discovery
  • network flow
  • feature extraction

Volume 9, Issue 3 - Serial Number 35
Serial Number 35, Autumn Quarterly
Azar 1400
Pages 59-71
  • Received: 11 Aban 1399
  • Revised: 03 Esfand 1399
  • Accepted: 07 Esfand 1399
  • Published: 01 Azar 1400