VAE-Based Latent Representations Learning for Botnet Detection in IoT Networks

Botnets pose significant threats to cybersecurity. The infected Internet of Things (IoT) devices are used to launch unsupported malicious activities on target entities to disrupt their operations and services. To address this danger, we propose a machine learning-based method for detecting botnets...

Detailed description

Saved in:
Bibliographic details
Published in: Journal of network and systems management 2023-03, Vol.31 (1), p.4, Article 4
Main authors: Snoussi, Ramzi; Youssef, Habib
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page
container_issue 1
container_start_page 4
container_title Journal of network and systems management
container_volume 31
creator Snoussi, Ramzi
Youssef, Habib
description Botnets pose significant threats to cybersecurity. The infected Internet of Things (IoT) devices are used to launch unsupported malicious activities on target entities to disrupt their operations and services. To address this danger, we propose a machine learning-based method for detecting botnets by analyzing network traffic data flow including various types of botnet attacks. Our method uses a hybrid model where a Variational AutoEncoder (VAE) is trained in an unsupervised manner to learn latent representations that describe the benign traffic data, and a one-class classifier (OCC) for detecting anomalies (also called novelty detection). The main aim of this research is to learn the discriminating representations of the normal data in the low-dimensional latent space generated by the VAE, and thus improve the predictive power of the OCC to detect malicious traffic. We have evaluated the performance of our model and compared it against baseline models using a real network-based dataset containing popular IoT devices and presenting a wide variety of attacks from two recent botnet families, Mirai and Bashlite. Tests showed that our model can detect botnets with satisfactory performance.
doi_str_mv 10.1007/s10922-022-09690-4
format Article
addtitle J Netw Syst Manage
creationdate 2023-03-01
publisher New York: Springer US
rights The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2022. Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
toplevel peer_reviewed, online_resources
fulltext fulltext
identifier ISSN: 1064-7570
ispartof Journal of network and systems management, 2023-03, Vol.31 (1), p.4, Article 4
issn 1064-7570
1573-7705
language eng
recordid cdi_proquest_journals_2771496687
source SpringerLink Journals - AutoHoldings
subjects Communications Engineering
Communications traffic
Computer Communication Networks
Computer Science
Computer Systems Organization and Communication Networks
Cybersecurity
Information Systems and Communication Service
Internet of Things
Machine learning
Malware
Methods
Network analysis
Networks
Operations Research/Decision Theory
Performance evaluation
Representations
title VAE-Based Latent Representations Learning for Botnet Detection in IoT Networks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-10T23%3A04%3A29IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=VAE-Based%20Latent%20Representations%20Learning%20for%20Botnet%20Detection%20in%20IoT%20Networks&rft.jtitle=Journal%20of%20network%20and%20systems%20management&rft.au=Snoussi,%20Ramzi&rft.date=2023-03-01&rft.volume=31&rft.issue=1&rft.spage=4&rft.pages=4-&rft.artnum=4&rft.issn=1064-7570&rft.eissn=1573-7705&rft_id=info:doi/10.1007/s10922-022-09690-4&rft_dat=%3Cproquest_cross%3E2722606207%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2722606207&rft_id=info:pmid/&rfr_iscdi=true