Improving Botnet Detection with Recurrent Neural Network and Transfer Learning
- URL: http://arxiv.org/abs/2104.12602v1
- Date: Mon, 26 Apr 2021 14:05:01 GMT
- Title: Improving Botnet Detection with Recurrent Neural Network and Transfer Learning
- Authors: Jeeyung Kim, Alex Sim, Jinoh Kim, Kesheng Wu, Jaegyoon Hahm
- Abstract summary: Botnet detection is a critical step in stopping the spread of botnets and preventing malicious activities.
Recent approaches employing machine learning (ML) showed better performance than earlier ones.
We propose a novel botnet detection method, built upon Recurrent Variational Autoencoder (RVAE).
- Score: 5.602292536933117
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Botnet detection is a critical step in stopping the spread of botnets and
preventing malicious activities. However, reliable detection is still a
challenging task, due to a wide variety of botnets involving ever-increasing
types of devices and attack vectors. Recent approaches employing machine
learning (ML) showed better performance than earlier ones, but these ML-based
approaches still have significant limitations. For example, most ML
approaches cannot incorporate the sequential pattern analysis techniques that are
key to detecting some classes of botnets. Another common shortcoming of ML-based
approaches is the need to retrain neural networks in order to detect
evolving botnets; however, the training process is time-consuming and requires
significant effort to label the training data. For fast-evolving botnets, it
might take too long to create sufficient training samples before the botnets
have changed again. To address these challenges, we propose a novel botnet
detection method, built upon Recurrent Variational Autoencoder (RVAE), that
effectively captures sequential characteristics of botnet activities. In the
experiment, this semi-supervised learning method achieves better detection
accuracy than similar learning methods, especially on hard-to-detect classes.
Additionally, we devise a transfer learning framework to learn from a
well-curated source data set and transfer the knowledge to a target problem
domain not seen before. Tests show that the true-positive rate (TPR) with
transfer learning is higher than that of the RVAE semi-supervised learning method
trained using the target data set (91.8% vs. 68.3%).
Related papers
- Self-supervised Transformer for Deepfake Detection [112.81127845409002]
Deepfake techniques in real-world scenarios require stronger generalization abilities of face forgery detectors.
Inspired by transfer learning, neural networks pre-trained on other large-scale face-related tasks may provide useful features for deepfake detection.
In this paper, we propose a self-supervised transformer based audio-visual contrastive learning method.
(2022-03-02T17:44:40Z)
- Recursive Least-Squares Estimator-Aided Online Learning for Visual Tracking [58.14267480293575]
We propose a simple yet effective online learning approach for few-shot online adaptation without requiring offline training.
It allows an in-built memory retention mechanism for the model to remember the knowledge about the object seen before.
We evaluate our approach based on two networks in the online learning families for tracking, i.e., multi-layer perceptrons in RT-MDNet and convolutional neural networks in DiMP.
(2021-12-28T06:51:18Z)
- Benchmarking Detection Transfer Learning with Vision Transformers [60.97703494764904]
Complexity of object detection methods can make benchmarking non-trivial when new architectures, such as Vision Transformer (ViT) models, arrive.
We present training techniques that overcome these challenges, enabling the use of standard ViT models as the backbone of Mask R-CNN.
Our results show that recent masking-based unsupervised learning methods may, for the first time, provide convincing transfer learning improvements on COCO.
(2021-11-22T18:59:15Z)
- Data-efficient Weakly-supervised Learning for On-line Object Detection under Domain Shift in Robotics [24.878465999976594]
Several object detection methods have been proposed in the literature, the vast majority based on Deep Convolutional Neural Networks (DCNNs).
These methods have important limitations for robotics: Learning solely on off-line data may introduce biases, and prevents adaptation to novel tasks.
In this work, we investigate how weakly-supervised learning can cope with these problems.
(2020-12-28T16:36:11Z)
- Adversarial Self-Supervised Contrastive Learning [62.17538130778111]
Existing adversarial learning approaches mostly use class labels to generate adversarial samples that lead to incorrect predictions.
We propose a novel adversarial attack for unlabeled data, which makes the model confuse the instance-level identities of the perturbed data samples.
We present a self-supervised contrastive learning framework to adversarially train a robust neural network without labeled data.
(2020-06-13T08:24:33Z)
- Detection of Novel Social Bots by Ensembles of Specialized Classifiers [60.63582690037839]
Malicious actors create inauthentic social media accounts controlled in part by algorithms, known as social bots, to disseminate misinformation and agitate online discussion.
We show that different types of bots are characterized by different behavioral features.
We propose a new supervised learning method that trains classifiers specialized for each class of bots and combines their decisions through the maximum rule.
(2020-06-11T22:59:59Z)
- Any-Shot Sequential Anomaly Detection in Surveillance Videos [36.24563211765782]
We propose an online anomaly detection method for surveillance videos using transfer learning and any-shot learning.
Our proposed algorithm leverages the feature extraction power of neural network-based models for transfer learning and the any-shot learning capability of statistical detection methods.
(2020-04-05T02:15:45Z)
- Botnet Detection Using Recurrent Variational Autoencoder [4.486436314247216]
Botnets are increasingly used by malicious actors, creating increasing threat to a large number of internet users.
We propose a novel machine learning based method, named Recurrent Variational Autoencoder (RVAE), for detecting botnets.
Tests show RVAE is able to detect botnets with the same accuracy as the best known results published in literature.
(2020-04-01T05:03:34Z)
- Automating Botnet Detection with Graph Neural Networks [106.24877728212546]
Botnets are now a major source for many network attacks, such as DDoS attacks and spam.
In this paper, we consider the neural network design challenges of using modern deep learning techniques to learn policies for botnet detection automatically.
(2020-03-13T15:34:33Z)
- Cyber Attack Detection thanks to Machine Learning Algorithms [0.0]
This paper explores Machine Learning as a viable solution by examining its capabilities to classify malicious traffic in a network.
Our approach analyzes five different machine learning algorithms against NetFlow dataset containing common botnets.
The Random Forest succeeds in detecting more than 95% of the botnets in 8 out of 13 scenarios and more than 55% in the most difficult datasets.
(2020-01-17T13:52:12Z)
This list is automatically generated from the titles and abstracts of the papers in this site.