Monsieur poirot: Detecting botnets using re-identification algorithm and nontrivial feature selection technique

Wei Min Lee; Amir Rezapour; Wen-Guey Tzeng

doi:10.1109/ICC.2018.8422081

Monsieur poirot: Detecting botnets using re-identification algorithm and nontrivial feature selection technique

Wei Min Lee, Amir Rezapour, Wen-Guey Tzeng

資訊科學與工程研究所

研究成果: Conference contribution › 同行評審

2 引文斯高帕斯（Scopus）

摘要

Modern botnets are progressively migrating to P2P network to resist against take-down attempts. In addition, new botnets use randomization in their behavior to evade detection. In this paper, we propose a new method for detecting stealthy P2P bots. We formulate the problem as a re-identification problem. This opens the possibility of powerful instantiations of detection algorithms to address the botnet detection problem. We also use a nontrivial feature selection technique to discover the best feature pairs for conducting comparison between two flows. We use real-world botnet data to evaluate the performance of Monsieur Poirot and compare it with existing flow-based algorithms. Monsieur Poirot is robust towards injection of noise in the communication patterns. The experimental results show that Monsieur Poirot is able to identify P2P bots with an average TPR of 98.65% and an average FPR of 0.21%.

原文	English
主出版物標題	2018 IEEE International Conference on Communications, ICC 2018 - Proceedings
發行者	Institute of Electrical and Electronics Engineers Inc.
ISBN（列印）	9781538631805
DOIs	https://doi.org/10.1109/ICC.2018.8422081
出版狀態	Published - 27 七月 2018
事件	2018 IEEE International Conference on Communications, ICC 2018 - Kansas City, United States 持續時間: 20 五月 2018 → 24 五月 2018

出版系列

名字	IEEE International Conference on Communications
卷	2018-May
ISSN（列印）	1550-3607

Conference

Conference	2018 IEEE International Conference on Communications, ICC 2018
國家	United States
城市	Kansas City
期間	20/05/18 → 24/05/18

存取文件

10.1109/ICC.2018.8422081

指紋深入研究「Monsieur poirot: Detecting botnets using re-identification algorithm and nontrivial feature selection technique」主題。共同形成了獨特的指紋。

引用此

Lee, W. M., Rezapour, A., & Tzeng, W-G. (2018). Monsieur poirot: Detecting botnets using re-identification algorithm and nontrivial feature selection technique. 於 2018 IEEE International Conference on Communications, ICC 2018 - Proceedings [8422081] (IEEE International Conference on Communications; 卷 2018-May). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICC.2018.8422081

@inproceedings{0c0d1233fbfb4f10810da172ce152fa2,

title = "Monsieur poirot: Detecting botnets using re-identification algorithm and nontrivial feature selection technique",

abstract = "Modern botnets are progressively migrating to P2P network to resist against take-down attempts. In addition, new botnets use randomization in their behavior to evade detection. In this paper, we propose a new method for detecting stealthy P2P bots. We formulate the problem as a re-identification problem. This opens the possibility of powerful instantiations of detection algorithms to address the botnet detection problem. We also use a nontrivial feature selection technique to discover the best feature pairs for conducting comparison between two flows. We use real-world botnet data to evaluate the performance of Monsieur Poirot and compare it with existing flow-based algorithms. Monsieur Poirot is robust towards injection of noise in the communication patterns. The experimental results show that Monsieur Poirot is able to identify P2P bots with an average TPR of 98.65% and an average FPR of 0.21%.",

author = "Lee, {Wei Min} and Amir Rezapour and Wen-Guey Tzeng",

year = "2018",

month = jul,

day = "27",

doi = "10.1109/ICC.2018.8422081",

language = "English",

isbn = "9781538631805",

series = "IEEE International Conference on Communications",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2018 IEEE International Conference on Communications, ICC 2018 - Proceedings",

address = "United States",

note = "null ; Conference date: 20-05-2018 Through 24-05-2018",

}

Lee, WM, Rezapour, A & Tzeng, W-G 2018, Monsieur poirot: Detecting botnets using re-identification algorithm and nontrivial feature selection technique. 於 2018 IEEE International Conference on Communications, ICC 2018 - Proceedings., 8422081, IEEE International Conference on Communications, 卷 2018-May, Institute of Electrical and Electronics Engineers Inc., 2018 IEEE International Conference on Communications, ICC 2018, Kansas City, United States, 20/05/18. https://doi.org/10.1109/ICC.2018.8422081

Monsieur poirot : Detecting botnets using re-identification algorithm and nontrivial feature selection technique. / Lee, Wei Min; Rezapour, Amir; Tzeng, Wen-Guey.

2018 IEEE International Conference on Communications, ICC 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2018. 8422081 (IEEE International Conference on Communications; 卷 2018-May).

研究成果: Conference contribution › 同行評審

TY - GEN

T1 - Monsieur poirot

AU - Lee, Wei Min

AU - Rezapour, Amir

AU - Tzeng, Wen-Guey

PY - 2018/7/27

Y1 - 2018/7/27

N2 - Modern botnets are progressively migrating to P2P network to resist against take-down attempts. In addition, new botnets use randomization in their behavior to evade detection. In this paper, we propose a new method for detecting stealthy P2P bots. We formulate the problem as a re-identification problem. This opens the possibility of powerful instantiations of detection algorithms to address the botnet detection problem. We also use a nontrivial feature selection technique to discover the best feature pairs for conducting comparison between two flows. We use real-world botnet data to evaluate the performance of Monsieur Poirot and compare it with existing flow-based algorithms. Monsieur Poirot is robust towards injection of noise in the communication patterns. The experimental results show that Monsieur Poirot is able to identify P2P bots with an average TPR of 98.65% and an average FPR of 0.21%.

AB - Modern botnets are progressively migrating to P2P network to resist against take-down attempts. In addition, new botnets use randomization in their behavior to evade detection. In this paper, we propose a new method for detecting stealthy P2P bots. We formulate the problem as a re-identification problem. This opens the possibility of powerful instantiations of detection algorithms to address the botnet detection problem. We also use a nontrivial feature selection technique to discover the best feature pairs for conducting comparison between two flows. We use real-world botnet data to evaluate the performance of Monsieur Poirot and compare it with existing flow-based algorithms. Monsieur Poirot is robust towards injection of noise in the communication patterns. The experimental results show that Monsieur Poirot is able to identify P2P bots with an average TPR of 98.65% and an average FPR of 0.21%.

UR - http://www.scopus.com/inward/record.url?scp=85051445668&partnerID=8YFLogxK

U2 - 10.1109/ICC.2018.8422081

DO - 10.1109/ICC.2018.8422081

M3 - Conference contribution

AN - SCOPUS:85051445668

SN - 9781538631805

T3 - IEEE International Conference on Communications

BT - 2018 IEEE International Conference on Communications, ICC 2018 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 20 May 2018 through 24 May 2018

ER -

Lee WM, Rezapour A, Tzeng W-G. Monsieur poirot: Detecting botnets using re-identification algorithm and nontrivial feature selection technique. 於 2018 IEEE International Conference on Communications, ICC 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2018. 8422081. (IEEE International Conference on Communications). https://doi.org/10.1109/ICC.2018.8422081