Botnet Detection Method Based on Spatial-Temporal Residual Network
DOI: 10.12677/CSA.2022.124108
Author: Feijian Chen (陈飞健): School of Computers, Guangdong University of Technology, Guangzhou, Guangdong
Keywords: Botnet Detection, Deep Learning, Spatial-Temporal Feature
Abstract: A botnet is a cluster of infected hosts remotely controlled by a botmaster. Traditional botnet detection methods are relatively simple: they mainly process and preprocess large volumes of incoming information such as network packets and structures, so they may have a low detection rate and are difficult to adapt to the rapid development of the current Internet. To address the botnet detection problem, a detection model based on spatial-temporal residual features, Res-1DCNN-LSTM, is proposed. Multi-layer 1DCNN and LSTM are used to extract the spatial and temporal features of botnets in parallel, and shortcut connections are then introduced between layers. The experimental results show that, on public datasets, accuracy reaches 98.89% for binary classification and 87.53% for multi-class classification, with good performance in precision, recall and F1 score.
Cite this article: Chen, F.J. (2022) Botnet Detection Method Based on Spatial-Temporal Residual Network. Computer Science and Application, 12(4), 1054-1060. https://doi.org/10.12677/CSA.2022.124108
