
Dr Bushra Alahmadi | د. بشرى عبدالرحمن الأحمدي

Assistant Professor

Assistant Professor, Department of Information Technology

Computer and Information Sciences

Publications

Conference paper, 2020

BOTection: Bot Detection by Building Markov Chain Models of Bots Network Behavior

Botnets continue to be a threat to organizations, and various machine learning-based botnet detectors have therefore been proposed. However, the capability of such systems to detect new or unseen botnets is crucial to ensure their robustness against the rapid evolution of botnets. Moreover, it prolongs the effectiveness of the system in detecting bots, avoiding frequent and time-consuming classifier re-training. We present BOTection, a privacy-preserving bot detection system that models bot network flow behavior as a Markov Chain. The Markov Chain state transitions capture the bots' network behavior using high-level flow features as states, producing content-agnostic and encryption-resilient behavioral features. These features are used to train a classifier to first detect flows produced by bots, and then identify their bot families. We evaluate our system on a dataset of over 7M malicious flows from 12 botnet families, showing its capability of detecting bots' network traffic with a 99.78% F-measure and classifying it to a malware family with a 99.09% F-measure. Notably, because the Markov Chains model general bot network behavior, BOTection can detect traffic belonging to unseen bot families with an F-measure of 93.03%, making it robust against malware evolution.

Conference name: Asia CCS
More publications

- 2020: Security practitioners working in Security Operations Centres (SOCs) are responsible for detecting and mitigating malicious computer network activity.
- 2018: In Security Operations Centres (SOCs) security practitioners work using a range of tools to detect and mitigate malicious computer-network activity. Sonification, in which data is represented as…
- 2020: Botnets continue to be a threat to organizations, thus various machine learning-based botnet detectors have been proposed. However, the capability of such systems in detecting new or unseen…