We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR

Change to browse by:

cs

References & Citations

DBLP - CS Bibliography

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Network Security Modeling using NetFlow Data: Detecting Botnet attacks in IP Traffic

Abstract: Cybersecurity, security monitoring of malicious events in IP traffic, is an important field largely unexplored by statisticians. Computer scientists have made significant contributions in this area using statistical anomaly detection and other supervised learning methods to detect specific malicious events. In this research, we investigate the detection of botnet command and control (C&C) hosts in massive IP traffic. We use the NetFlow data, the industry standard for monitoring of IP traffic for exploratory analysis and extracting new features. Using statistical as well as deep learning models, we develop a statistical intrusion detection system (SIDS) to predict traffic traces identified with malicious attacks. Employing interpretative machine learning techniques, botnet traffic signatures are derived. These models successfully detected botnet C&C hosts and compromised devices. The results were validated by matching predictions to existing blacklists of published malicious IP addresses.
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2108.08924 [cs.CR]
  (or arXiv:2108.08924v1 [cs.CR] for this version)

Submission history

From: Ganesh Subramaniam [view email]
[v1] Thu, 19 Aug 2021 21:34:10 GMT (2244kb,D)

Link back to: arXiv, form interface, contact.