INVESTIGATING A BEHAVIOUR ANALYSIS-BASED EARLY WARNING SYSTEM TO IDENTIFY BOTNETS USING MACHINE LEARNING ALGORITHMS

Contents (fragment)

List of Abbreviations Used . . . xiv
Acknowledgements . . . xvi
