Associated Random Neural Networks for Collective Classification of Nodes in Botnet Attacks

03/23/2023
by Erol Gelenbe, et al.

Botnet attacks are a major threat to networked systems because of their ability to turn the network nodes that they compromise into additional attackers, leading to the spread of high-volume attacks over long periods. The detection of such Botnets is complicated by the fact that multiple network IP addresses will be simultaneously compromised, so that Collective Classification of compromised nodes, in addition to the already available traditional methods that focus on individual nodes, can be useful. Thus this work introduces a collective Botnet attack classification technique that operates on traffic from an n-node IP network with a novel Associated Random Neural Network (ARNN) that identifies the nodes which are compromised. The ARNN is a recurrent architecture that incorporates two mutually associated, interconnected and architecturally identical n-neuron random neural networks, which act simultaneously as mutual critics to reach the decision regarding which of the n nodes have been compromised. A novel gradient learning descent algorithm is presented for the ARNN, and is shown to operate effectively both with conventional off-line training from prior data, and with on-line incremental training without prior off-line learning. Real data from a 107-node packet network, with over 700,000 packets, is used to evaluate the ARNN, showing that it provides accurate predictions. Comparisons with other well-known state-of-the-art methods, using the same learning and testing datasets, show that the ARNN offers significantly better performance.
