| Presentation | 2019-07-04 Traffic Feature-based Botnet Detection Scheme Emphasizing the Importance of Long Patterns Yichen An, Shuichiro Haruta, Sanghun Choi, Iwao Sasase, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | The botnet detection is imperative. Among several detection schemes, the promising one uses the communication sequences. The main idea of that scheme is that the communication sequences represent special feature since they are controlled by programs. That sequence is tokenized to truncated sequences by $n$-gram and the numbers of each pattern's occurrence are used as a feature vector. However, although the features are normalized by the total number of all patterns' occurrences, the number of occurrences in larger $n$ are less than those of smaller $n$. That is, regardless of the value of $n$, the previous scheme normalizes it by the total number of all patterns' occurrences. As a result, normalized long patterns' features become very small value and are hidden by others. In order to overcome this shortcoming, in this paper, we propose tit. We realize the emphasizing by two ideas. The first idea is normalizing occurrences by the total number of occurrences in each $n$ instead of the total number of all patterns' occurrences. By doing this, smaller occurrences in larger $n$ are normalized by smaller values and the feature becomes more balanced with larger value. The second idea is giving weights to the normalized features by calculating ranks of the normalized feature. By weighting features according to the ranks, we can get more outstanding features of longer patterns. By the computer simulation with real dataset, we show the effectiveness of our scheme. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | botnet detectionmachine learningfeature emphasizing |
| Paper # | CS2019-18 |
| Date of Issue | 2019-06-27 (CS) |
| Conference Information | |
| Committee | CS |
|---|---|
| Conference Date | 2019/7/4(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Amami City Social Welfare Center |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Next Generation Networks, Access Networks, Broadband Access, Power Line Communications, Wireless Communication Systems, Coding Systems, etc. |
| Chair | Hidenori Nakazato(Waseda Univ.) |
| Vice Chair | Jun Terada(NTT) |
| Secretary | Jun Terada(Waseda Univ.) |
| Assistant | Kazutaka Hara(NTT) / Hiroyuki Saito(OKI) |
| Paper Information | |
| Registration To | Technical Committee on Communication Systems |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Traffic Feature-based Botnet Detection Scheme Emphasizing the Importance of Long Patterns |
| Sub Title (in English) | |
| Keyword(1) | botnet detectionmachine learningfeature emphasizing |
| 1st Author's Name | Yichen An |
| 1st Author's Affiliation | Keio University(Keio Univ.) |
| 2nd Author's Name | Shuichiro Haruta |
| 2nd Author's Affiliation | Keio University(Keio Univ.) |
| 3rd Author's Name | Sanghun Choi |
| 3rd Author's Affiliation | Keio University(Keio Univ.) |
| 4th Author's Name | Iwao Sasase |
| 4th Author's Affiliation | Keio University(Keio Univ.) |
| Date | 2019-07-04 |
| Paper # | CS2019-18 |
| Volume (vol) | vol.119 |
| Number (no) | CS-101 |
| Page | pp.pp.31-35(CS), |
| #Pages | 5 |
| Date of Issue | 2019-06-27 (CS) |