Recommender System based on Empirical Study of Geolocated Clustering and Prediction Services for Botnets Cyber-Intelligence in Malaysia

A recommender system is becoming a popular platform for predicting ratings or preferences when studying human behaviors and habits. Such predictive systems are widely used in marketing, retailing and product development: the system responds to users' preferences in goods and services and gives recommendations through machine-learning algorithms tailored to those services. The same kind of recommender system can be built for predicting botnet attacks. Via our Integrated Cyber-Evidence (ICE) Big Data system, we build a recommender system from collected telemetric botnet network traffic. The recommender system is trained periodically on threat-enriched data from the Coordinated Malware Eradication & Remedial Platform system (CMERP), specifically the geolocations and timestamps of the attacks. The machine learning uses K-Means and DBSCAN clustering. The result is a ranked recommendation of the top potential attacks for a given set of geolocation coordinates. The recommendation also includes alerts on locations with a high density of certain botnet types.
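As an added illustration of the clustering-and-ranking idea described above (example code written for this page, not code from the paper or from the ICE/CMERP systems): a from-scratch DBSCAN over constructed geolocated botnet sightings, a distance-discounted ranking of botnet families for a query coordinate, and a density alert for clusters dominated by one family. The eps/min_pts values, the family names, the sample coordinates and the scoring formula are all assumptions.

```python
import math
from collections import Counter
# Constructed sample telemetry (lat, lon, family): made-up points near Kuala Lumpur and Penang, not CMERP data.
SIGHTINGS = [(3.139, 101.687, "mirai"), (3.141, 101.690, "mirai"), (3.137, 101.685, "mirai"),
             (3.143, 101.693, "emotet"), (3.140, 101.688, "mirai"), (5.414, 100.329, "emotet"),
             (5.416, 100.332, "emotet"), (5.412, 100.327, "emotet"),
             (2.500, 102.000, "qakbot")]  # the last point is isolated and ends up as DBSCAN noise

def haversine_km(a, b):  # great-circle distance in km between two (lat, lon) points
    la1, lo1, la2, lo2 = map(math.radians, (*a, *b))
    h = math.sin((la2 - la1) / 2) ** 2 + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def dbscan(points, eps_km, min_pts):
    """Plain DBSCAN over geolocations; returns one label per point, -1 = noise."""
    region = lambda i: [j for j, p in enumerate(points) if haversine_km(points[i], p) <= eps_km]
    labels, cluster = [-2] * len(points), 0                # -2 = not yet visited
    for i in range(len(points)):
        if labels[i] != -2:
            continue
        nbrs = region(i)
        if len(nbrs) < min_pts:                            # not a core point (may still become a border point)
            labels[i] = -1
            continue
        labels[i], queue = cluster, nbrs
        while queue:
            j = queue.pop()
            if labels[j] == -1:                            # noise reachable from a core point -> border point
                labels[j] = cluster
            if labels[j] == -2:
                labels[j] = cluster
                nbrs_j = region(j)
                if len(nbrs_j) >= min_pts:                 # another core point: keep expanding the cluster
                    queue.extend(nbrs_j)
        cluster += 1
    return labels

def recommend(query, eps_km=1.0, min_pts=3, alert_at=4):
    """Rank families for a query coordinate by nearby cluster size, discounted by distance; flag dense clusters."""
    labels = dbscan([(lat, lon) for lat, lon, _ in SIGHTINGS], eps_km, min_pts)
    groups = {lab: [r for r, l in zip(SIGHTINGS, labels) if l == lab] for lab in set(labels) - {-1}}
    scores, alerts = Counter(), []                         # noise points never drive a recommendation
    for members in groups.values():
        centroid = tuple(sum(m[k] for m in members) / len(members) for k in (0, 1))
        fams, dist = Counter(m[2] for m in members), haversine_km(query, centroid)
        for fam, n in fams.items():
            scores[fam] += n / (1.0 + dist)                # denser and closer clusters rank higher
        fam, n = fams.most_common(1)[0]
        if n >= alert_at:                                  # one family dominates a dense cluster: alert
            alerts.append((fam, centroid, n))
    return [fam for fam, _ in scores.most_common()], alerts
```

Calling `recommend((3.15, 101.70))` ranks mirai ahead of emotet for a point near the Kuala Lumpur cluster and raises one mirai density alert; the isolated qakbot sighting is treated as noise and never recommended.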
