Data Randomization and Cluster-Based Partitioning for Botnet Intrusion Detection

IEEE Transactions on Cybernetics

Volumn 46, Issue 8, 2016, Pages 1796-1806

  Al Jarrah, Omar Y ^a   Alhussein, Omar ^b   Yoo, Paul D ^c   Muhaidat, Sami ^a,d   Taha, Kamal ^a   Kim, Kwangjo ^e  

^a KHALIFA UNIVERSITY   (United Arab Emirates)

^b SIMON FRASER UNIVERSITY   (Canada)

^c BOURNEMOUTH UNIVERSITY   (United Kingdom)

^d UNIVERSITY OF SURREY   (United Kingdom)

^e Korea Institute of Science and Technology   (South Korea)

Author keywords

Botnet intrusion detection; efficient learning; ensembles; feature selection; machine learning (ML)

Indexed keywords

ARTIFICIAL INTELLIGENCE; INSPECTION; LEARNING SYSTEMS; MALWARE; MERCURY (METAL); OPTIMIZATION;

DEEP NEURAL NETWORKS; DISTRIBUTED PLATFORMS; INTRUSION DETECTION SYSTEMS; MACHINE LEARNING MODELS; META-LEARNING TECHNIQUES; REDUCED-ERROR PRUNING; SEQUENTIAL MINIMAL OPTIMIZATION; USER DATAGRAM PROTOCOL;

INTRUSION DETECTION;

EID: 84946083260     PISSN: 21682267     EISSN: None     Source Type: Journal    
DOI: 10.1109/TCYB.2015.2490802     Document Type: Article

References (53)

1. M. Abu Rajab, J. Zarfoss, F. Monrose, and A. Terzis, "A multifaceted approach to understanding the botnet phenomenon," in Proc. 6th ACM SIGCOMM Conf. Internet Meas., New York, NY, USA, 2006. pp. 41-52.
2. N. S. Raghava, D. Sahgal, and S. Chandna, "Classification of botnet detection based on botnet architechture," in Proc. Int. Conf. Commun. Syst. Netw. Technol. (CSNT), Rajkot, India, 2012, pp. 569-572.
3. B. Al-Duwairi and L. Al-Ebbini, "BotDigger: A fuzzy inference system for botnet detection," in Proc. 5th Int. Conf. Internet Monitor. Prot. (ICIMP), Barcelona, Spain, 2010, pp. 16-21.
4. D. E. Denning, "An intrusion-detection model," IEEE Trans. Softw. Eng., vol. SE-13, no. 2, pp. 222-232, Feb. 1987.
5. J. Zhang and M. Zulkernine, "Network intrusion detection using random forests," in Proc. PST, St. Andrews, NB, Canada, 2005, pp. 53-61.
6. M. Roesch, "Snort-Lightweight intrusion detection for networks," in Proc. USENIX LISA, Nov. 1999.
7. Z. Yu, J. J. P. Tsai, and T. Weigert, "An automatically tuning intrusion detection system," IEEE Trans. Syst., Man, Cybern. B, Cybern., vol. 37, no. 2, pp. 373-384, Apr. 2007.
8. W. Hu, J. Gao, Y. Wang, O. Wu, and S. Maybank, "Online adaboostbased parameterized methods for dynamic distributed network intrusion detection," IEEE Trans. Cybern., vol. 44, no. 1, pp. 66-82, Jan. 2014.
9. S. T. Sarasamma and Q. A. Zhu, "Min-max hyperellipsoidal clustering for anomaly detection in network security," IEEE Trans. Syst., Man, Cybern. B, Cybern., vol. 36, no. 4, pp. 887-901, Aug. 2006.
10. C.-F. Tsai, Y.-F. Hsu, C.-Y. Lin, and W.-Y. Lin, "Intrusion detection by machine learning: A review," Expert Syst. Appl., vol. 36, no. 10, pp. 11994-12000, 2009.
11. M. E. Whitman and H. Mattord, Principles of Information Security. Clifton Park, NY, USA: Cengage Learning, 2011.
12. F. Zhang, P. P. K. Chan, B. Biggio, D. S. Yeung, and F. Roli, "Adversarial feature selection against evasion attacks," IEEE Trans. Cybern., to be published.
13. M.-H. Tsai, K.-C. Chang, C.-C. Lin, C.-H. Mao, and H.-M. Lee, "C&C tracer: Botnet command and control behavior tracing," in Proc. IEEE Int. Conf. Syst., Man, Cybern. (SMC), Anchorage, AK, USA, 2011, pp. 1859-1864.
14. D. Zhao et al., "Botnet detection based on traffic behavior analysis and flow intervals," Comput. Security, vol. 39, pp. 2-16, Nov. 2013.
15. M. Feily, A. Shahrestani, and S. Ramadass, "A survey of botnet and botnet detection," in Proc. 3rd Int. Conf. Emerg. Security Inf., Syst. Technol., SECURWARE, Athens, Greece, 2009, pp. 268-273.
16. G. Gu, P. A. Porras, V. Yegneswaran, M. W. Fong, and W. Lee, "BotHunter: Detecting malware infection through IDS-driven dialog correlation," in Proc. USENIX Security, Boston, MA, USA, 2007, pp. 167-182.
17. A. Karasaridis, B. Rexroad, and D. Hoeflin, "Wide-scale botnet detection and characterization," in Proc. 1st Conf. First Workshop Hot Topics Und. Botnets, Cambridge, MA, USA, 2007, p. 7.
18. G. Gu, J. Zhang, and W. Lee, "BotSniffer: Detecting botnet command and control channels in network traffic," 2008.
19. S. Arshad, M. Abbaspour, M. Kharrazi, and H. Sanatkar, "An anomalybased botnet detection approach for identifying stealthy botnets," in Proc. IEEE Int. Conf. Comput. Appl. Ind. Electron. (ICCAIE), Penang, Malaysia, 2011, pp. 564-569.
20. L. Cao and X. Qiu, "Defence against botnets: A formal definition and a general framework," in Proc. IEEE 8th Int. Conf. Netw., Archit. Stor. (NAS), Xi'an, China, 2013, pp. 237-241.
21. R. Villamarin-Salomon and J. C. Brustoloni, "Identifying botnets using anomaly detection techniques applied to DNS traffic," in Proc. IEEE 5th Consum. Commun. Netw. Conf. CCNC, Las Vegas, NV, USA, 2008, pp. 476-481.
22. H. Choi, H. Lee, H. Lee, and H. Kim, "Botnet detection by monitoring group activities in DNS traffic," in Proc. 7th IEEE Int. Conf. Comput. Inf. Technol., CIT, Aizuwakamatsu, Japan, 2007, pp. 715-720.
23. S.-J. Han and S.-B. Cho, "Evolutionary neural networks for anomaly detection based on the behavior of a program," IEEE Trans. Syst., Man, Cybern. B, Cybern., vol. 36, no. 3, pp. 559-570, Jun. 2005.
24. W. T. Strayer, D. Lapsely, R. Walsh, and C. Livadas, "Botnet detection based on network behavior," in Botnet Detection. Medford, MA, USA: Springer, 2008, pp. 1-24.
25. M. M. Masud, T. Al-Khateeb, L. Khan, B. Thuraisingham, and K. W. Hamlen, "Flow-based identification of botnet traffic by mining multiple log files," in Proc. 1st Int. Conf. Distrib. Framework Appl., DFmA, Penang, Malaysia, 2008, pp. 200-206.
26. S. Saad et al., "Detecting P2P botnets through network behavior analysis and machine learning," in Proc. 9th Annu. Int. Conf. Privacy, Security Trust (PST), Montreal, QC, Canada, 2011, pp. 174-180.
27. F. Rasheed and R. Alhajj, "A framework for periodic outlier pattern detection in time-series sequences," IEEE Trans. Cybern., vol. 44, no. 5, pp. 569-582, May 2014.
28. L. Bilge, D. Balzarotti, W. Robertson, E. Kirda, and C. Kruegel, "Disclosure: Detecting botnet command and control servers through large-scale netflow analysis," in Proc. 28th Annu. Comput. Security Appl. Conf., Orlando, FL, USA, 2012, pp. 129-138.
29. M. Stevanovic and J. M. Pedersen, "An efficient flow-based botnet detection using supervised machine learning," in Proc. Int. Conf. Comput., Netw. Commun. (ICNC), Honolulu, HI, USA, 2014, pp. 797-801.
30. L. Braun, G. Munz, and G. Carle, "Packet sampling for worm and botnet detection in TCP connections," in Proc. IEEE Netw. Oper. Manage. Symp. (NOMS), Osaka, Japan, 2010, pp. 264-271.
31. (Jan. 2015). French Chapter of Honenynet. [Online]. Available: http://www.honeynet.org/chapters/france
32. G. Szabó, D. Orincsay, S. Malomsoky, and I. Szabó, "On the validation of traffic classification algorithms," in Passive and Active Network Measurement. Berlin, Germany: Springer, 2008, pp. 72-81.
33. A. Sperotto et al., "An overview of IP flow-based intrusion detection," IEEE Commun. Surveys Tuts., vol. 12, no. 3, pp. 343-356, Jul. 2010.
34. H. Hang, X. Wei, M. Faloutsos, and T. Eliassi-Rad, "Entelecheia: Detecting P2P botnets in their waiting stage," in Proc. IFIP Netw. Conf., Brooklyn, NY, USA, 2013, pp. 1-9.
35. I. Guyon and A. Elisseeff, "An introduction to variable and feature selection," J. Mach. Learn. Res., vol. 3, pp. 1157-1182, Mar. 2003.
36. V. Bolón-Canedo, N. Sánchez-Maroño, and A. Alonso-Betanzos, "A review of feature selection methods on synthetic data," Knowl. Inf. Syst., vol. 34, no. 3, pp. 483-519, 2013.
37. M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, "Network anomaly detection: Methods, systems and tools," IEEE Commun. Surveys Tuts., vol. 16, no. 1, pp. 303-336. Feb. 2014.
38. S. Zaman and F. Karray, "Features selection for intrusion detection systems based on support vector machines," in Proc. 6th IEEE Consum. Commun. Netw. Conf. (CCNC), Las Vegas, NV, USA, 2009, pp. 1-8.
39. J. C. Riquelme, J. S. Aguilar-Ruiz, and M. Toro, "Finding representative patterns with ordered projections," Pattern Recognit., vol. 36, no. 4, pp. 1009-1018, 2003.
40. T. Raicharoen and C. Lursinsap, "A divide-and-conquer approach to the pairwise opposite class-nearest neighbor (POC-NN) algorithm," Pattern Recognit. Lett., vol. 26, no. 10, pp. 1554-1567, 2005.
41. J. C. Bezdek and L. I. Kuncheva, "Nearest prototype classifier designs: An experimental study," Int. J. Intell. Syst., vol. 16, no. 12, pp. 1445-1473, 2001.
42. R. A. Mollineda, F. J. Ferri, and E. Vidal, "An efficient prototype merging strategy for the condensed 1-NN rule through class-conditional hierarchical clustering," Pattern Recognit., vol. 35, no. 12, pp. 2771-2782, 2002.
43. C. J. Veenman and M. J. T. Reinders, "The nearest subclass classifier: A compromise between the nearest mean and nearest neighbor classifier," IEEE Trans. Pattern Anal. Mach. Intell., vol. 27, no. 9, pp. 1417-1429, Sep. 2005.
44. K. Josien, G. Wang, T. W. Liao, E. Triantaphyllou, and M. C. Liu, "An evaluation of sampling methods for data mining with fuzzy c-means," in Data Mining for Design and Manufacturing. New York, NY, USA: Springer, 2001, pp. 355-369.
45. A. Rajaraman and J. D. Ullman, Mining of Massive Datasets. Cambridge, U.K.: Cambridge Univ. Press, 2011.
46. M. P. S. Bhatia and D. Khurana, "Experimental study of data clustering using k-means and modified algorithms," Int. J. Data Mining Knowl. Manage. Process (IJDKP), vol. 3, no. 3, pp. 17-30, 2013.
47. W. N. H. W. Mohamed, M. N. M. Salleh, and A. H. Omar, "A comparative study of reduced error pruning method in decision tree algorithms," in Proc. IEEE Int. Conf. Control Syst. Comput. Eng. (ICCSCE), Penang, Malaysia, 2012, pp. 392-397.
48. F. Aurenhammer and R. Klein, "Voronoi diagrams," Handbook of Computational Geometry, vol. 5. Amsterdam, The Netherlands: Elsevier North Holland, 2000, pp. 201-290.
49. J. R. Quinlan, "Induction of decision trees," Mach. Learn., vol. 1, no. 1, pp. 81-106, 1986.
50. L. Breiman, "Bagging predictors," Mach. Learn., vol. 24, no. 2, pp. 123-140, 1996.
51. L. Breiman, J. H. Friedman, R. A. Olshen, and C. J. Stone, Classification and Regression Trees. Monterey, CA, USA: Wadsworth and Brooks, 1984.
52. M. A. Hall, "Correlation-based feature selection for machine learning," Ph.D. dissertation, Dept. Comput. Sci., Waikato Univ., Hamilton, New Zealand, 1999.
53. I. H. Witten and E. Frank, Data Mining: Practical Machine Learning Tools and Techniques. Amsterdam, The Netherlands: Morgan Kaufmann, 2005.