Abstract
Botnets are distributed networks of infected nodes captured by cyber-criminals to design and carry out a wide range of cyber attacks. Graph clustering, a significant trend in machine learning that aims to group the vertices of a graph, is a practical technique for botnet detection. Spectral clustering algorithms are a modern, persuasive, and analytical category of graph clustering that uses the spectrum of a graph's matrix to discover the hidden structure of its nodes. Spectral methods operate on the similarity matrix of a graph, but in the botnet detection problem computing the whole similarity matrix is costly, time-consuming, or impossible, or its entries carry some level of uncertainty. In this chapter, we review the active spectral methods proposed for this setting, which apply a recursive approach to cluster datasets containing more than two clusters, and illustrate a deficiency of that recursive approach. Next, we propose a new method that leverages a combination of eigenvalues and eigenvectors. Furthermore, a new metric is introduced to compare active spectral algorithms by considering the directions of the most important eigenvectors of the queried matrix relative to those of the complete matrix.
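The abstract describes two things a practitioner will want to see concretely: spectral clustering of hosts from a similarity matrix, and a way to score how well the leading eigenvectors of a partially queried similarity matrix agree with those of the complete one. The following is an added example written for this page, not code from the chapter. It builds a Gaussian-kernel similarity matrix from constructed per-host flow statistics (not real traffic), bipartitions the hosts with the sign of the Fiedler vector of the normalised Laplacian, simulates an active algorithm that has queried only some host pairs, and scores eigenvector agreement with the mean cosine of the principal angles between the two leading eigenspaces. That score is a generic illustration of the kind of comparison the abstract refers to, not the chapter's own metric; the feature values, `HUB_QUERIES` and `CHAIN_QUERIES` are all assumptions of the example.

```python
"""Spectral bipartition of a host-similarity graph and an eigenvector-alignment
score for partially queried similarity matrices. Added example; the flow
features and query sets are constructed, and the alignment score is a generic
illustration, not the chapter's metric."""
import numpy as np

# Constructed per-host flow statistics (not measured traffic):
# (mean flow bytes, mean inter-flow gap in seconds, distinct destination ports).
# Hosts 0-3 imitate bots: small, regular beacons to very few ports.
# Hosts 4-7 imitate ordinary workstations with varied, bursty traffic.
HOST_FEATURES = np.array([
    [ 310.0,   60.0,  2.0],
    [ 295.0,   58.0,  2.0],
    [ 320.0,   61.0,  1.0],
    [ 305.0,   59.0,  2.0],
    [4800.0,  900.0, 14.0],
    [6100.0,  300.0, 21.0],
    [3900.0, 1500.0,  9.0],
    [7200.0,  450.0, 18.0],
])

# Two constructed query budgets an active algorithm might spend. HUB_QUERIES
# includes the strongest benign-benign similarities (hosts 4, 5, 7 are close
# to each other); CHAIN_QUERIES spends its budget on a weak chain through the
# benign hosts, so the benign side of the queried graph is barely connected.
HUB_QUERIES = [(0, 1), (1, 2), (2, 3), (0, 3), (4, 5), (4, 6), (4, 7), (5, 7), (0, 4), (3, 7)]
CHAIN_QUERIES = [(0, 1), (1, 2), (2, 3), (4, 5), (5, 6), (6, 7), (0, 4)]


def similarity_matrix(x: np.ndarray, sigma: float = 1.0) -> np.ndarray:
    """Gaussian-kernel similarity on z-scored features; zero diagonal."""
    z = (x - x.mean(axis=0)) / x.std(axis=0)
    d2 = ((z[:, None, :] - z[None, :, :]) ** 2).sum(axis=2)
    w = np.exp(-d2 / (2 * sigma ** 2))
    np.fill_diagonal(w, 0.0)
    return w


def normalized_laplacian(w: np.ndarray) -> np.ndarray:
    """L_sym = I - D^{-1/2} W D^{-1/2}; isolated vertices get a tiny degree."""
    deg = w.sum(axis=1).copy()
    deg[deg == 0.0] = 1e-12
    d_inv_sqrt = np.diag(1.0 / np.sqrt(deg))
    return np.eye(len(w)) - d_inv_sqrt @ w @ d_inv_sqrt


def spectral_bipartition(w: np.ndarray) -> np.ndarray:
    """Split vertices by the sign of the second-smallest eigenvector (Fiedler
    vector) of L_sym. Labels are canonicalised so host 0 is in cluster 0."""
    _, vecs = np.linalg.eigh(normalized_laplacian(w))   # eigenvalues ascending
    labels = (vecs[:, 1] > 0).astype(int)
    return labels if labels[0] == 0 else 1 - labels


def query_subset(w: np.ndarray, pairs, default: float = 0.0) -> np.ndarray:
    """Similarity matrix an active algorithm holds after querying only `pairs`;
    unqueried entries keep the prior `default` (0 = assume dissimilar)."""
    q = np.full_like(w, default)
    np.fill_diagonal(q, 0.0)
    for i, j in pairs:
        q[i, j] = q[j, i] = w[i, j]
    return q


def eigenvector_alignment(w_full: np.ndarray, w_partial: np.ndarray, k: int = 2) -> float:
    """Mean cosine of the principal angles between the spans of the k leading
    (smallest-eigenvalue) eigenvectors of L_sym for the full and the partial
    matrix. 1.0 means the queried matrix already points the spectral embedding
    in the same directions; lower values mean the budget was spent badly.
    Subspace angles are used because eigenvectors are only defined up to sign
    and may swap order when eigenvalues are close."""
    _, vf = np.linalg.eigh(normalized_laplacian(w_full))
    _, vp = np.linalg.eigh(normalized_laplacian(w_partial))
    cosines = np.linalg.svd(vf[:, :k].T @ vp[:, :k], compute_uv=False)
    return float(cosines.mean())


W_FULL = similarity_matrix(HOST_FEATURES)


def demo() -> dict:
    """Run the whole pipeline on the constructed hosts and return the results."""
    return {
        "labels_full": spectral_bipartition(W_FULL).tolist(),
        "labels_hub": spectral_bipartition(query_subset(W_FULL, HUB_QUERIES)).tolist(),
        "align_hub": eigenvector_alignment(W_FULL, query_subset(W_FULL, HUB_QUERIES)),
        "align_chain": eigenvector_alignment(W_FULL, query_subset(W_FULL, CHAIN_QUERIES)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point to take from the two query sets is that the same budget can leave the clustering intact or not depending on which pairs are queried: a set that captures the strongest within-cluster similarities keeps the leading eigenspace close to the full matrix's, while a set that leaves one cluster weakly connected pulls the eigenvectors away from it even though the inter-cluster cut is unchanged. Replacing the prior for unqueried pairs (the `default` argument) is the other knob an active method has to justify; zero assumes "dissimilar until shown otherwise".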
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Azmoodeh, A., Dehghantanha, A., Parizi, R.M., Hashemi, S., Gharabaghi, B., Srivastava, G. (2020). Active Spectral Botnet Detection Based on Eigenvalue Weighting. In: Choo, KK., Dehghantanha, A. (eds) Handbook of Big Data Privacy. Springer, Cham. https://doi.org/10.1007/978-3-030-38557-6_19
DOI: https://doi.org/10.1007/978-3-030-38557-6_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-38556-9
Online ISBN: 978-3-030-38557-6
eBook Packages: Computer Science, Computer Science (R0)