Ontology-based botnet topology discovery approach with IP flow data

Ci Bin Jiang, Jung-Shian Li

Research output: Article

Abstract

Botnet activity continues to grow at an alarming rate and poses a major threat to the security of networked systems around the world. Botnet malfeasance, such as credit card theft or DDoS attacks, is quite devastating, so it is important to understand botnet behavior, topology and structure. If botnet communication can be tracked, the C&C server can be identified and infection routes detected, allowing for the takedown of botnets. Hence, we propose a new ontology and a set of inference rules to facilitate the automatic identification of the botnet topology by means of a machine learning algorithm. The validity of the proposed approach is demonstrated using blacklisted IP flow data collected over more than three months. The inference time and system convergence performance obtained when using the proposed ontology and inference rules are systematically examined. Overall, the results presented in this paper indicate that the proposed methodology provides a viable means of determining botnet topology with low inference time and a high degree of accuracy compared to previous research works, thereby enabling appropriate security measures to be put in place.

Original language: English
Pages (from - to): 308-325
Number of pages: 18
Journal: International Journal of Innovative Computing, Information and Control
Volume: 11
Issue number: 1
Publication status: Published - 1 January 2015

Fingerprint

Data Flow
Ontology
Inference Rules
Topology
DDoS
Infection
Learning Algorithm
Machine Learning
Continue
Server
Methodology
Botnet
Learning algorithms
Learning systems
Servers
Communication

All Science Journal Classification (ASJC) codes

  • Software
  • Theoretical Computer Science
  • Information Systems
  • Computational Theory and Mathematics

Cite this

@article{a9115a071b244975af95c0870d9b5815,
title = "Ontology-based botnet topology discovery approach with ip flow data",
abstract = "Botnet activity continues to grow at an alarming rate and poses a major threat to the security of networked systems around the world. Botnet malfeasance is quite devastating, such as credit card stealing or DDoS. So it is important to understand the botnet behavior, topology and structure. If botnet communication can be tracked, the C&C server can be identified and infection routes detected, allowing for takedown of botnets. Hence, we propose a new ontology and a set of inference rules to facilitate the automatic identification of the botnet topology by means of a machine learning algorithm. The validity of the proposed approach is demonstrated utilizing blacklisted IP flow data collected over three plus months. The inference time and system convergence performance obtained when using the proposed ontology and inference rules are systematically examined. Overall, the results presented in this paper indicate that the proposed methodology provides a viable means of determining botnet topology with low inference time and high degree of accuracy compared to previous research works, thereby enabling appropriate security measures to be put in place.",
author = "Jiang, {Ci Bin} and Jung-Shian Li",
year = "2015",
month = "1",
day = "1",
language = "English",
volume = "11",
pages = "308--325",
journal = "International Journal of Innovative Computing, Information and Control",
issn = "1349-4198",
publisher = "IJICIC Editorial Office",
number = "1",

}

TY - JOUR

T1 - Ontology-based botnet topology discovery approach with ip flow data

AU - Jiang, Ci Bin

AU - Li, Jung-Shian

PY - 2015/1/1

Y1 - 2015/1/1

N2 - Botnet activity continues to grow at an alarming rate and poses a major threat to the security of networked systems around the world. Botnet malfeasance is quite devastating, such as credit card stealing or DDoS. So it is important to understand the botnet behavior, topology and structure. If botnet communication can be tracked, the C&C server can be identified and infection routes detected, allowing for takedown of botnets. Hence, we propose a new ontology and a set of inference rules to facilitate the automatic identification of the botnet topology by means of a machine learning algorithm. The validity of the proposed approach is demonstrated utilizing blacklisted IP flow data collected over three plus months. The inference time and system convergence performance obtained when using the proposed ontology and inference rules are systematically examined. Overall, the results presented in this paper indicate that the proposed methodology provides a viable means of determining botnet topology with low inference time and high degree of accuracy compared to previous research works, thereby enabling appropriate security measures to be put in place.

AB - Botnet activity continues to grow at an alarming rate and poses a major threat to the security of networked systems around the world. Botnet malfeasance is quite devastating, such as credit card stealing or DDoS. So it is important to understand the botnet behavior, topology and structure. If botnet communication can be tracked, the C&C server can be identified and infection routes detected, allowing for takedown of botnets. Hence, we propose a new ontology and a set of inference rules to facilitate the automatic identification of the botnet topology by means of a machine learning algorithm. The validity of the proposed approach is demonstrated utilizing blacklisted IP flow data collected over three plus months. The inference time and system convergence performance obtained when using the proposed ontology and inference rules are systematically examined. Overall, the results presented in this paper indicate that the proposed methodology provides a viable means of determining botnet topology with low inference time and high degree of accuracy compared to previous research works, thereby enabling appropriate security measures to be put in place.

UR - http://www.scopus.com/inward/record.url?scp=84922024563&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84922024563&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:84922024563

VL - 11

SP - 308

EP - 325

JO - International Journal of Innovative Computing, Information and Control

JF - International Journal of Innovative Computing, Information and Control

SN - 1349-4198

IS - 1

ER -