
Active Spectral Botnet Detection Based on Eigenvalue Weighting

Abstract

Botnets are distributed networks of infected nodes captured by cyber-criminals to design and implement a wide range of cyber attacks. Graph clustering, a significant trend in machine learning that aims to group the vertices of a graph, is a practical technique for botnet detection. Spectral clustering algorithms are a modern, persuasive, and analytical category of graph clustering that uses the spectrum of a graph's matrix to discover the hidden structure of its nodes. Spectral methods employ the similarity matrix of a graph, but in the botnet detection problem, preparing the whole similarity matrix is costly, time-consuming, impossible, or subject to a level of uncertainty. In this chapter, we review the active spectral methods presented for this setting, which suggest a recursive approach to perform clustering on datasets with more than two clusters, and illustrate the deficiency of the recursive approach. Next, we propose a new method that leverages a combination of eigenvalues and eigenvectors. Furthermore, a new metric is introduced to compare active spectral algorithms by considering the directions of the most important eigenvectors of the queried matrix relative to those of the complete matrix.
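The following is an added example, not code from the chapter or its authors: a pure-Python sketch of the spectral-clustering setting the abstract describes. It builds a constructed similarity graph of six hosts forming two tightly linked groups joined by one bridge edge, partitions the hosts by the sign of the Fiedler vector of the graph Laplacian, and then compares the leading non-trivial eigenvector direction of a partially "queried" similarity matrix (a simulated active-query budget) against that of the complete matrix using absolute cosine similarity. The toy graph, the choice of the unnormalized Laplacian, the Jacobi eigensolver and the cosine-based alignment score are all assumptions of this example; the chapter's own eigenvalue-weighting scheme and its proposed metric are not reproduced here.

```python
import math

# Constructed toy similarity matrix (assumption, not a real dataset): hosts
# 0-2 and 3-5 each form a fully connected group and a single bridge edge 2-3
# joins the two groups. A real matrix would be derived from flow features.
W_FULL = [
    [0, 1, 1, 0, 0, 0],
    [1, 0, 1, 0, 0, 0],
    [1, 1, 0, 1, 0, 0],
    [0, 0, 1, 0, 1, 1],
    [0, 0, 0, 1, 0, 1],
    [0, 0, 0, 1, 1, 0],
]


def query_entries(w, pairs):
    """Keep only actively queried pairs; every pair not queried stays unknown (0)."""
    n = len(w)
    q = [[0.0] * n for _ in range(n)]
    for i, j in pairs:
        q[i][j] = q[j][i] = float(w[i][j])
    return q


# Simulated active-query budget: five of the seven true edges were asked for,
# so the queried matrix is a path 0-1-2-3-4-5 (the edges 0-2 and 3-5 are unknown).
W_QUERIED = query_entries(W_FULL, [(0, 1), (1, 2), (2, 3), (3, 4), (4, 5)])


def laplacian(w):
    """Unnormalized graph Laplacian L = D - W."""
    n = len(w)
    return [[(sum(w[i]) if i == j else 0.0) - w[i][j] for j in range(n)] for i in range(n)]


def jacobi_eigh(a, tol=1e-12, max_sweeps=100):
    """Eigen-decomposition of a real symmetric matrix by cyclic Jacobi rotations
    (pure Python; adequate for the small matrices used here). Returns the
    eigenvalues in ascending order and a row-major matrix whose columns are
    the matching unit eigenvectors."""
    n = len(a)
    a = [[float(x) for x in row] for row in a]
    v = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for _ in range(max_sweeps):
        off = sum(a[i][j] ** 2 for i in range(n) for j in range(n) if i != j)
        if off < tol:
            break
        for p in range(n - 1):
            for q in range(p + 1, n):
                if abs(a[p][q]) < 1e-15:
                    continue
                # Rotation angle that zeroes a[p][q] (t = tan of the angle).
                theta = (a[q][q] - a[p][p]) / (2.0 * a[p][q])
                t = (1.0 if theta >= 0 else -1.0) / (abs(theta) + math.sqrt(theta * theta + 1.0))
                c = 1.0 / math.sqrt(t * t + 1.0)
                s = t * c
                for k in range(n):  # a <- a J   (mix columns p and q)
                    akp, akq = a[k][p], a[k][q]
                    a[k][p], a[k][q] = c * akp - s * akq, s * akp + c * akq
                for k in range(n):  # a <- J^T a (mix rows p and q)
                    apk, aqk = a[p][k], a[q][k]
                    a[p][k], a[q][k] = c * apk - s * aqk, s * apk + c * aqk
                for k in range(n):  # v <- v J   (accumulate the eigenvectors)
                    vkp, vkq = v[k][p], v[k][q]
                    v[k][p], v[k][q] = c * vkp - s * vkq, s * vkp + c * vkq
    vals = [a[i][i] for i in range(n)]
    order = sorted(range(n), key=lambda i: vals[i])
    return [vals[i] for i in order], [[v[k][i] for i in order] for k in range(n)]


def fiedler_vector(w):
    """Eigenvector of the second-smallest Laplacian eigenvalue."""
    _, vecs = jacobi_eigh(laplacian(w))
    return [row[1] for row in vecs]


def spectral_bipartition(w):
    """Two-way spectral cut: hosts sharing the Fiedler sign of host 0 get label 0."""
    v = fiedler_vector(w)
    return [0 if (x > 0) == (v[0] > 0) else 1 for x in v]


def fiedler_alignment(w_full, w_queried):
    """|cos| between the Fiedler vectors of the complete and the queried matrix:
    1.0 means the queried matrix reproduces the leading non-trivial
    eigen-direction of the complete one exactly (sign is irrelevant)."""
    u, v = fiedler_vector(w_full), fiedler_vector(w_queried)
    dot = sum(x * y for x, y in zip(u, v))
    return abs(dot) / (math.sqrt(sum(x * x for x in u)) * math.sqrt(sum(y * y for y in v)))


if __name__ == "__main__":
    print("complete matrix partition:", spectral_bipartition(W_FULL))
    print("queried matrix partition: ", spectral_bipartition(W_QUERIED))
    print("Fiedler alignment:        ", round(fiedler_alignment(W_FULL, W_QUERIED), 4))
```

On this toy graph both matrices yield the same two-host-group cut, and the alignment score stays high even though two of the seven edges were never queried, which is the kind of comparison a direction-based metric between the queried and the complete matrix is meant to make; with a less favourable query budget the score drops and the cut can change, so it is the number to watch when deciding whether more pairs need to be queried.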

Figures 19.1, 19.2 and 19.3 are referenced in the chapter but not reproduced in this preview.

Notes

  1. https://www.uvic.ca/engineering/ece/isot/datasets/.

  2. https://tranalyzer.com/.


Author information

Corresponding author: Amin Azmoodeh.


Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Azmoodeh, A., Dehghantanha, A., Parizi, R.M., Hashemi, S., Gharabaghi, B., Srivastava, G. (2020). Active Spectral Botnet Detection Based on Eigenvalue Weighting. In: Choo, KK., Dehghantanha, A. (eds) Handbook of Big Data Privacy. Springer, Cham. https://doi.org/10.1007/978-3-030-38557-6_19


  • DOI: https://doi.org/10.1007/978-3-030-38557-6_19
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-38556-9
  • Online ISBN: 978-3-030-38557-6
  • eBook Packages: Computer Science, Computer Science (R0)