Diagnosing bot infections using Bayesian inference

Prior research in botnet detection has used the bot lifecycle to build detection systems. These systems, however, use rule-based decision engines which lack automated adaptability and learning, accuracy tunability, the ability to cope with gaps in training data, and the ability to incorporate local security policies. To counter these limitations, we propose to replace the rigid decision engines in contemporary bot detectors with a more formal Bayesian inference engine. Bottleneck, our prototype implementation, builds confidence in bot infections based on the causal bot lifecycle encoded in a Bayesian network. We evaluate Bottleneck by applying it as a post-processing decision engine on lifecycle events generated by two existing bot detectors (BotHunter and BotFlex) on two independently collected datasets. Our experimental results show that Bottleneck consistently achieves comparable or better accuracy than the existing rule-based detectors when the test data is similar to the training data. For differing training and test data, Bottleneck, due to its automated learning and inference models, easily surpasses the accuracies of rule-based systems. Moreover, Bottleneck's stochastic nature allows its accuracy to be tuned with respect to organizational needs. Extending Bottleneck's Bayesian network into an influence diagram allows local security policies to be defined within the framework. Lastly, we show that Bottleneck can also be extended to incorporate an evidence trust score for false alarm reduction.
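The abstract describes three mechanisms: a Bayesian network over the causal bot lifecycle that turns detector events into a posterior infection probability, a tunable decision threshold, and an evidence trust score that discounts unreliable sensors. The following is an added example written for this page, not code from the paper or the Bottleneck prototype. It uses the five stages of BotHunter's infection dialog model (inbound scan, exploit, egg download, C&C communication, outbound scan), but the two-layer network structure (infected host, latent stage, detector event), every probability, the way the trust score is folded into the sensor model, and the sample detector output are all assumptions constructed for illustration and are not Bottleneck's actual model or parameters.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Lifecycle stages of BotHunter's infection dialog model (inbound scan, exploit,
# egg download, C&C communication, outbound scan). Every probability below is an
# assumption constructed for this example, not a parameter from the paper.
STAGES = ["inbound_scan", "exploit", "egg_download", "cnc_comm", "outbound_scan"]


@dataclass(frozen=True)
class StageModel:
    p_stage_if_infected: float  # P(stage occurs | host infected)
    p_stage_if_clean: float     # P(stage occurs | host clean), e.g. background scanning
    tpr: float                  # P(detector raises the event | stage occurred)
    fpr: float                  # P(detector raises the event | stage did not occur)


# Constructed CPT parameters (assumption). Inbound scans are common even on clean
# hosts, so they carry little evidence; C&C traffic and egg downloads carry a lot.
MODEL: Dict[str, StageModel] = {
    "inbound_scan":  StageModel(0.70, 0.40, 0.90, 0.05),
    "exploit":       StageModel(0.80, 0.05, 0.80, 0.05),
    "egg_download":  StageModel(0.85, 0.02, 0.85, 0.03),
    "cnc_comm":      StageModel(0.95, 0.02, 0.80, 0.04),
    "outbound_scan": StageModel(0.60, 0.05, 0.90, 0.05),
}

PRIOR_INFECTED = 0.01  # constructed base rate of infected hosts on the monitored network


def event_likelihood(m: StageModel, infected: bool, seen: bool, trust: float) -> float:
    """P(detector event observation | infected), summing out the latent stage.

    `trust` in [0, 1] is an evidence trust score for that detector: at 1.0 its
    stated TPR is used as-is; at 0.0 the event is treated as pure noise, i.e. it
    is raised with the same probability whether or not the stage occurred, so it
    cannot move the posterior.
    """
    p_stage = m.p_stage_if_infected if infected else m.p_stage_if_clean
    tpr = trust * m.tpr + (1.0 - trust) * m.fpr
    p_seen_if_stage = tpr if seen else 1.0 - tpr
    p_seen_if_no_stage = m.fpr if seen else 1.0 - m.fpr
    return p_stage * p_seen_if_stage + (1.0 - p_stage) * p_seen_if_no_stage


def posterior_infected(events: Dict[str, Optional[bool]],
                       trust: Optional[Dict[str, float]] = None,
                       prior: float = PRIOR_INFECTED) -> float:
    """P(infected | detector events) by exact enumeration.

    `events` maps a stage to True (event raised), False (the sensor covered the
    stage and raised nothing) or None (no sensor coverage). A None stage is
    marginalised out rather than counted as absence, which is how a gap in
    evidence differs from negative evidence.
    """
    trust = trust or {}
    joint = {True: prior, False: 1.0 - prior}
    for stage, seen in events.items():
        if seen is None:
            continue  # unobserved leaf: its factor sums to 1
        for infected in (True, False):
            joint[infected] *= event_likelihood(
                MODEL[stage], infected, seen, trust.get(stage, 1.0))
    return joint[True] / (joint[True] + joint[False])


def classify(events: Dict[str, Optional[bool]], threshold: float,
             trust: Optional[Dict[str, float]] = None) -> bool:
    """Decision step: the threshold is the organisational tuning knob."""
    return posterior_infected(events, trust) >= threshold


if __name__ == "__main__":
    # Constructed detector output for three hosts (not real BotHunter/BotFlex logs).
    hosts = {
        "10.0.0.5": {"inbound_scan": True},
        "10.0.0.7": {"inbound_scan": True, "egg_download": True, "cnc_comm": True},
        "10.0.0.9": {s: True for s in STAGES},
    }
    for ip, ev in hosts.items():
        print(f"{ip:10s} P(infected)={posterior_infected(ev):.3f} "
              f"flag@0.5={classify(ev, 0.5)} flag@0.9={classify(ev, 0.9)}")
    # Distrusting the C&C detector removes its contribution entirely.
    ev = hosts["10.0.0.7"]
    print("10.0.0.7 with cnc_comm trust=0:",
          f"{posterior_infected(ev, trust={'cnc_comm': 0.0}):.3f}")
```

Three behaviours of the rule-based detectors the abstract criticises are visible here: a single inbound scan barely moves the posterior (no hard-coded "scan implies infection" rule), a stage with no sensor coverage is marginalised out instead of being counted as "not observed", and the same evidence can be accepted or rejected purely by moving the threshold. Learning the CPT parameters from labelled events and the influence-diagram extension for policy are outside this example.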

Bibliographic Details
Published in: Journal of Computer Virology and Hacking Techniques 2018-02, Vol.14 (1), p.21-38
Main authors: Ashfaq, Ayesha Binte, Abaid, Zainab, Ismail, Maliha, Aslam, Muhammad Umar, Syed, Affan A., Khayam, Syed Ali
Format: Article
Language: eng
Subjects: see below
Online access: Full text
container_end_page 38
container_issue 1
container_start_page 21
container_title Journal of Computer Virology and Hacking Techniques
container_volume 14
creator Ashfaq, Ayesha Binte
Abaid, Zainab
Ismail, Maliha
Aslam, Muhammad Umar
Syed, Affan A.
Khayam, Syed Ali
description Prior research in botnet detection has used the bot lifecycle to build detection systems. These systems, however, use rule-based decision engines which lack automated adaptability and learning, accuracy tunability, the ability to cope with gaps in training data, and the ability to incorporate local security policies. To counter these limitations, we propose to replace the rigid decision engines in contemporary bot detectors with a more formal Bayesian inference engine. Bottleneck, our prototype implementation, builds confidence in bot infections based on the causal bot lifecycle encoded in a Bayesian network. We evaluate Bottleneck by applying it as a post-processing decision engine on lifecycle events generated by two existing bot detectors (BotHunter and BotFlex) on two independently-collected datasets. Our experimental results show that Bottleneck consistently achieves comparable or better accuracy than the existing rule-based detectors when the test data is similar to the training data. For differing training and test data, Bottleneck, due to its automated learning and inference models, easily surpasses the accuracies of rule-based systems. Moreover, Bottleneck’s stochastic nature allows its accuracy to be tuned with respect to organizational needs. Extending Bottleneck’s Bayesian network into an influence diagram allows for local security policies to be defined within our framework. Lastly, we show that Bottleneck can also be extended to incorporate evidence trustscore for false alarm reduction.
doi_str_mv 10.1007/s11416-016-0286-y
format Article
publisher Springer Paris (Springer Nature B.V)
short title J Comput Virol Hack Tech
rights Springer-Verlag France 2016; Copyright Springer Science & Business Media 2018
peer reviewed true
publication date 2018-02-01
pages 18
full text (PDF) https://link.springer.com/content/pdf/10.1007/s11416-016-0286-y
full text (HTML) https://link.springer.com/10.1007/s11416-016-0286-y
fulltext fulltext
identifier ISSN: 2263-8733
ispartof Journal of Computer Virology and Hacking Techniques, 2018-02, Vol.14 (1), p.21-38
issn 2263-8733
2263-8733
language eng
recordid cdi_proquest_journals_2007703729
source SpringerNature Journals; Alma/SFX Local Collection
subjects Accuracy
Automation
Bayesian analysis
Coding
Computer Science
Detectors
Engines
False alarms
Malware
Model accuracy
Original Paper
Policies
Post-production processing
Sensors
Statistical inference
Training
title Diagnosing bot infections using Bayesian inference