Abstract
The cyber kill chain consists of the following stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives. Within the kill chain framework, identifying botnets is critical for defending against cyber attacks. Bot masters control their botnets through command and control servers, and they often adopt the most commonly used communication channels, such as web connections, so that malicious messages blend into the mass of normal traffic and evade detection.
By analyzing malicious and normal traffic, this study identifies anomalous network patterns: botnet connections exhibit similarity behaviors that normal traffic does not. This study develops an anomaly score function to represent these anomalies and proposes a network anomaly detection method based on the ant colony optimization algorithm and a clustering algorithm. The experimental results show that the proposed anomaly detection method identifies botnets efficiently.
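The abstract does not specify the anomaly score function, so the following is an added illustration, not the paper's method: it scores each client/server pair by how regular its inter-request gaps and request sizes are, the kind of "similarity behavior" that C2 beaconing shows and ordinary browsing does not. The flow records and the threshold are constructed for the example.

```python
"""Illustrative similarity-based anomaly score for web flows (not the paper's function)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (timestamp_s, src, dst, request_bytes)
FLOWS = [
    # 10.0.0.5 contacts one server every ~60 s with near-identical request sizes
    (0, "10.0.0.5", "203.0.113.9", 412), (61, "10.0.0.5", "203.0.113.9", 414),
    (120, "10.0.0.5", "203.0.113.9", 412), (181, "10.0.0.5", "203.0.113.9", 413),
    (240, "10.0.0.5", "203.0.113.9", 412), (299, "10.0.0.5", "203.0.113.9", 415),
    # 10.0.0.7 browses: irregular gaps and widely varying request sizes
    (3, "10.0.0.7", "198.51.100.4", 820), (9, "10.0.0.7", "198.51.100.4", 1530),
    (87, "10.0.0.7", "198.51.100.4", 310), (92, "10.0.0.7", "198.51.100.4", 2600),
    (260, "10.0.0.7", "198.51.100.4", 1190), (270, "10.0.0.7", "198.51.100.4", 470),
]


def cv(values):
    """Coefficient of variation; 0 means the values are perfectly uniform."""
    m = mean(values)
    return pstdev(values) / m if m else 0.0


def anomaly_score(timestamps, sizes):
    """Score in (0, 1]: close to 1 when both timing and size are machine-like regular.

    Each factor is 1 for perfect regularity and decays toward 0 as variation grows;
    the product requires both kinds of similarity to be present.
    """
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:  # too few connections to judge regularity
        return 0.0
    regularity = 1.0 / (1.0 + cv(gaps))
    size_similarity = 1.0 / (1.0 + cv(sizes))
    return round(regularity * size_similarity, 3)


def score_pairs(flows):
    """Group flows by (src, dst), in time order, and score each pair."""
    groups = defaultdict(list)
    for ts, src, dst, size in sorted(flows):
        groups[(src, dst)].append((ts, size))
    return {pair: anomaly_score([t for t, _ in recs], [s for _, s in recs])
            for pair, recs in groups.items()}


def flag(flows, threshold=0.8):
    """Return the (src, dst) pairs whose score reaches the constructed threshold."""
    return sorted(pair for pair, s in score_pairs(flows).items() if s >= threshold)
```

Real deployments would compute such features over far longer windows and cluster the resulting vectors rather than apply a fixed cut-off, but the scoring logic is the same.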
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Chen, CM., Lo, WL., Lai, GH., Hu, YC. (2019). Network Anomaly Detection Based on Artificial Intelligence. In: Pan, JS., Ito, A., Tsai, PW., Jain, L. (eds) Recent Advances in Intelligent Information Hiding and Multimedia Signal Processing. IIH-MSP 2018. Smart Innovation, Systems and Technologies, vol 110. Springer, Cham. https://doi.org/10.1007/978-3-030-03748-2_23
DOI: https://doi.org/10.1007/978-3-030-03748-2_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03747-5
Online ISBN: 978-3-030-03748-2
eBook Packages: Intelligent Technologies and Robotics (R0)