Skip to main content
SpringerLink
Log in

Network Anomaly Detection Based on Artificial Intelligence

  • Conference paper
  • First Online:
Recent Advances in Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP 2018)

Part of the book series: Smart Innovation, Systems and Technologies ((SIST,volume 110))

  • 575 Accesses

Abstract

The cyber kill chain consists of the following stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), actions on objectives. Based on the kill chain framework, identifying botnets is critical for defensing cyber attacks. Bot masters control the botnet through command and control servers; they often adopt the most commonly used communication channel such as through web connection in order to blend in malicious communication messages into massive normal traffic for detection evasion purpose.

By analyzing malicious and normal traffic, this study discovered the network anomalous patterns. Botnet connections exhibit some similarity behaviors which are not possessed by normal traffic. This study develops an anomaly score function to represent the anomalies and proposes a network anomaly detection method based on ant colony optimization algorithm and clustering algorithm. The experimental results show that the proposed anomaly detection method identifies botnets efficiently.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 189.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 249.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 249.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. European Union Agency for Network and Information Security, ENISA. Threat Landscape Report 2017. https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2017

  2. Blumbergs B.: Technical analysis of advanced threat tactics targeting critical information infrastructure. Cyber Security Review, Winter (2014)

    Google Scholar 

  3. Li, C., Jiang, W., Zou, X.: Botnet: survey and case study. In: Proceedings of 4th International Conference on Innovative Computing, Information and Control (ICICIC) (2009)

    Google Scholar 

  4. Cai, T., Zou, F.: Detecting HTTP botnet with clustering network traffic. In: Proceedings of 8th International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM) (2012)

    Google Scholar 

  5. Crotti, M., Dusi, M., Gringoli, F., Salgarelli, L.: Detecting HTTP tunnels with statistical mechanisms. In: Proceedings of 2007 IEEE International Conference on Communications (2007)

    Google Scholar 

  6. Al-Bataineh, A., White, G.: Analysis and detection of malicious data exfiltration in web traffic. In: Proceedings of 7th International Conference on Malicious and Unwanted Software (MALWARE), pp. 26–31 (2012)

    Google Scholar 

  7. Zeidanloo, H.R., Azizah, A.M.: Botnet command and control mechanisms. In: Proceedings of Second International Conference on Computer and Electrical Engineering, vol. 1, pp. 564–568 (2009)

    Google Scholar 

  8. Cybint Barbri Cyber Solutions. 12 alarming cyber security facts and stats. https://www.cybintsolutions.com/cyber-security-facts-stats/. Accessed 23 June 2018

  9. Lee, J.S., Jeong, H., Park, J.H., Kim, M., Noh, B.N.: The activity analysis of malicious HTTP-based botnets using degree of periodic repeatability. In: Proceedings of the International Conference on Security Technology (SECTECH), pp. 83–86 (2008)

    Google Scholar 

  10. Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. In: Proceedings of ACM SIGCOMM, pp. 217–228 (2005)

    Article  Google Scholar 

  11. Wang, P., Lin, H.T., Wang, T.S.: A revised ant colony optimization scheme for discovering attack paths of botnet. In: Proceedings of the IEEE International Conference on Parallel and Distributed Systems, pp. 918–923 (2011)

    Google Scholar 

  12. Gu, G., Zhang, J., Lee, W.: BotSniffer: detecting botnet command and control channels in network traffic. In: Proceedings of the 16th Annual Network and Distributed System Security Symposium (2008)

    Google Scholar 

  13. Lai, G.H., Chen, C.M., Jeng, B.C., Chao, W.: Ant-based IP traceback. Exp Syst. Appl. 34, 3071–3080 (2008)

    Article  Google Scholar 

  14. Chen, C.M., Lai, G.H.: Ant-based botnet C&C server traceback. In: Proceedings of the National Computer Symposium (NCS) (2017)

    Google Scholar 

  15. Brezina Jr., I., Čičková, Z.: Solving the travelling salesman problem using the ant colony optimization. Manag. Inf. Syst. 6, 10–14 (2011)

    Google Scholar 

  16. Contagio Malware Dump. Collection of Pcap files from malware analysis. http://contagiodump.blogspot.tw/2013/04/collection-of-pcap-files-from-malware.html

Download references

Author information

Authors and Affiliations

  1. Department of Information Management, National Sun Yat-sen University, Kaohsiung, Taiwan

    Chia-Mei Chen & Wen-Ling Lo

  2. Department of Technology Crime Investigation, Taiwan Police College, Taipei, Taiwan

    Gu-Hsin Lai

  3. Department of Computer Science and Information Management, Providence University, Taichung, Taiwan

    Yu-Chen Hu

Authors
  1. Chia-Mei Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wen-Ling Lo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gu-Hsin Lai
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yu-Chen Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Chia-Mei Chen .

Editor information

Editors and Affiliations

  1. College of Information Science and Engineering, Fujian University of Technology, Fuzhou, Fujian, China

    Jeng-Shyang Pan

  2. Graduate School of Engineering, Tohoku University, Sendai, Miyagi, Japan

    Akinori Ito

  3. Swinburne University of Technology, Hawthorn, VIC, Australia

    Pei-Wei Tsai

  4. Centre for Artificial Intelligence, Faculty of Engineering and Information Technology, University of Technology Sydney, Sydney, NSW, Australia

    Lakhmi C. Jain

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Chen, CM., Lo, WL., Lai, GH., Hu, YC. (2019). Network Anomaly Detection Based on Artificial Intelligence. In: Pan, JS., Ito, A., Tsai, PW., Jain, L. (eds) Recent Advances in Intelligent Information Hiding and Multimedia Signal Processing. IIH-MSP 2018. Smart Innovation, Systems and Technologies, vol 110. Springer, Cham. https://doi.org/10.1007/978-3-030-03748-2_23

Download citation

Publish with us

Policies and ethics

Search

Navigation