Active Spectral Botnet Detection Based on Eigenvalue Weighting

A botnet is a distributed network of compromised hosts that cyber-criminals control in order to design and carry out a wide range of cyber attacks. Graph clustering, a significant trend in machine learning that groups the vertices of a graph, is a practical technique for botnet detection. Spectral clustering algorithms are a modern, compelling and analytically grounded category of graph clustering: they use the spectrum (eigenvalues and eigenvectors) of a matrix derived from the graph, typically its Laplacian, to discover the hidden structure among nodes. Spectral methods operate on the similarity matrix of the graph, but in the botnet detection problem computing the complete similarity matrix is costly, time-consuming or impossible, and its entries may carry a degree of uncertainty. In this chapter we review the active spectral methods proposed for this setting, which query only a subset of the similarity entries and extend to datasets with more than two clusters through a recursive bipartitioning approach, and we illustrate the deficiency of that recursive approach. We then propose a new method that weights the eigenvectors by their eigenvalues. Furthermore, we introduce a new metric for comparing active spectral algorithms that considers the directions of the most important eigenvectors of the queried (partially observed) matrix relative to those of the complete matrix.
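As an added illustration of the two ingredients the abstract describes (k-way spectral clustering on a host-similarity matrix, and a score that compares the leading eigenvectors of a partially queried matrix against the complete one), the following numpy script is editor-supplied example code, not the chapter's algorithm or metric. The similarity matrix, the three host groups and the two query budgets (`MISSING_INTER`, `MISSING_INTRA`) are constructed toy data; the alignment score is an illustrative choice (mean squared cosine of the principal angles between the two k-dimensional eigenspaces), and filling unqueried entries with 0 is an assumption.

```python
"""Spectral clustering of a host-similarity graph, plus a metric that
compares the leading eigenvectors of a partially queried (active)
similarity matrix with those of the complete matrix.

Added illustration with constructed data; it is not the chapter's method.
Requires numpy only."""
import numpy as np

# Constructed toy graph: 9 hosts in three groups, e.g. two bot groups and a
# benign group.  Strong intra-group, weak inter-group similarity.  The values
# are illustrative, not derived from real flow data.
GROUPS = [[0, 1, 2], [3, 4, 5], [6, 7, 8]]

# Two constructed query budgets (pairs an analyst did NOT pay to measure):
# one drops a few weak inter-group pairs, the other drops every
# intra-group pair touching hosts 1, 4 and 7.
MISSING_INTER = {(0, 5), (1, 6), (2, 7), (3, 8)}
MISSING_INTRA = {(0, 1), (1, 2), (3, 4), (4, 5), (6, 7), (7, 8)}


def toy_similarity(intra=0.9, inter=0.05):
    n = sum(len(g) for g in GROUPS)
    W = np.full((n, n), inter)
    for g in GROUPS:
        for i in g:
            for j in g:
                W[i, j] = intra
    np.fill_diagonal(W, 0.0)  # no self-similarity
    return W


def normalized_laplacian(W):
    """L_sym = I - D^{-1/2} W D^{-1/2}; isolated nodes keep an identity row."""
    d = W.sum(axis=1)
    safe = np.where(d > 0, d, 1.0)
    inv_sqrt = np.where(d > 0, 1.0 / np.sqrt(safe), 0.0)
    return np.eye(len(d)) - inv_sqrt[:, None] * W * inv_sqrt[None, :]


def leading_eigvecs(W, k):
    """Eigenvectors of L_sym for its k smallest eigenvalues (n x k, orthonormal)."""
    _, vecs = np.linalg.eigh(normalized_laplacian(W))  # ascending eigenvalues
    return vecs[:, :k]


def spectral_embedding(W, k):
    """Ng-Jordan-Weiss style embedding: leading eigenvectors, rows unit-normalised."""
    U = leading_eigvecs(W, k)
    norms = np.linalg.norm(U, axis=1, keepdims=True)
    return U / np.where(norms > 0, norms, 1.0)


def kmeans(X, k, iters=50):
    """Lloyd's k-means with deterministic farthest-point initialisation."""
    centers = [X[0]]
    for _ in range(1, k):
        dist = np.min([np.linalg.norm(X - c, axis=1) for c in centers], axis=0)
        centers.append(X[int(np.argmax(dist))])
    C = np.array(centers)
    for _ in range(iters):
        labels = np.argmin(((X[:, None, :] - C[None, :, :]) ** 2).sum(-1), axis=1)
        newC = np.array([X[labels == c].mean(axis=0) if np.any(labels == c) else C[c]
                         for c in range(k)])
        if np.allclose(newC, C):
            break
        C = newC
    return labels.tolist()


def spectral_clusters(W, k):
    """k-way spectral clustering directly in the k-dimensional embedding
    (no recursive bipartitioning)."""
    return kmeans(spectral_embedding(W, k), k)


def query_subset(W, missing):
    """Active setting: the pairs in `missing` were never queried.  Unknown
    entries are filled with 0 (an assumption: unknown is treated as no
    similarity); other fill strategies are possible."""
    Q = W.copy()
    for i, j in missing:
        Q[i, j] = Q[j, i] = 0.0
    return Q


def eigvec_alignment(W_full, W_queried, k):
    """Alignment of the k leading eigenspaces, ||U_q^T U_f||_F^2 / k in [0, 1]
    (the mean squared cosine of the principal angles).  1 means the queried
    matrix points its leading eigenvectors in the same directions as the
    complete one; lower values mean the queries missed cluster structure.
    Illustrative metric chosen for this example, not the chapter's."""
    Uf = leading_eigvecs(W_full, k)
    Uq = leading_eigvecs(W_queried, k)
    return float(np.linalg.norm(Uq.T @ Uf, "fro") ** 2 / k)


def demo(k=3):
    W = toy_similarity()
    return {
        "clusters": spectral_clusters(W, k),
        "align_full": eigvec_alignment(W, W, k),
        "align_missing_inter": eigvec_alignment(W, query_subset(W, MISSING_INTER), k),
        "align_missing_intra": eigvec_alignment(W, query_subset(W, MISSING_INTRA), k),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` recovers the three constructed groups, scores the complete matrix against itself at 1.0, leaves the budget that skipped only weak inter-group pairs close to 1.0, and scores the budget that skipped intra-group pairs markedly lower: the leading eigenvectors of that queried matrix no longer point in the same directions as those of the complete matrix, which is the kind of difference the abstract's metric is meant to expose.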
