Providing a new solution to botnet detection in a Markov chain-based network

Document Type : Original Article

Authors

1 Department of Computer Engineering, Neishabour Branch, Islamic Azad University, Neishabour, Iran

2 Department of Computer Engineering, Mashhad Branch, Islamic Azad University, Mashhad, Iran

3 Department of Computer Engineering, Quchan Branch, Islamic Azad University, Quchan, Iran

Abstract

Botnets currently cover a wide range of Internet shipments. A botnet is a network of infected computers connected to the Internet that is accessed remotely. Research in this field is based on signatures, anomalies, traffic behavior, and existing addresses. These methods have so far not been able to achieve a high detection rate, which is especially useful when the botnet performs its main behavior, or they are methods that have already been abandoned because their need for memory is so great that they are practically impossible to apply. The purpose of this study is to propose a construction for performing the identification operation, built on a Markov chain and without the use of memory, because the Markov chain in this study does not require storage memory and does not exist based on behavioral analysis. The proposed method is able to perform useful behaviors using incorrect results of the operation better than the previous solutions, because if it examines the form you need, if such conditions do not exist, it will cause a computational overhead. In this research, various criteria such as medium circuit lines, accuracy, and precision are considered, and on these the proposed method performs better than other existing methods.
 

Keywords



Volume 9, Issue 3 - Serial Number 35
Serial No. 35, Autumn Quarterly
December 2021
Pages 59-71
  • Receive Date: 01 November 2020
  • Revise Date: 21 February 2021
  • Accept Date: 25 February 2021
  • Publish Date: 22 November 2021