MONDEO: Multistage Botnet Detection
- URL: http://arxiv.org/abs/2308.16570v1
- Date: Thu, 31 Aug 2023 09:12:30 GMT
- Title: MONDEO: Multistage Botnet Detection
- Authors: Duarte Dias, Bruno Sousa, Nuno Antunes
- Abstract summary: MONDEO is a multistage mechanism to detect DNS-based botnet malware.
It comprises four detection stages: Blacklisting/Whitelisting, Query rate analysis, DGA analysis, and Machine learning evaluation.
MONDEO was tested against several datasets to measure its efficiency and performance.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Mobile devices have become widespread and are now the most used piece of
technology. Due to their characteristics, they have become major targets for
botnet-related malware. FluBot is one example of botnet malware that infects
mobile devices. In particular, FluBot is a DNS-based botnet that uses Domain
Generation Algorithms (DGA) to establish communication with the Command and
Control server (C2). MONDEO is a multistage mechanism with a flexible design to
detect DNS-based botnet malware. MONDEO is lightweight and can be deployed
without requiring software, agents, or configuration on mobile devices, allowing
easy integration in core networks. MONDEO comprises four detection stages:
Blacklisting/Whitelisting, Query rate analysis, DGA analysis, and Machine
learning evaluation. It was created with the goal of processing streams of
packets to identify attacks with high efficiency in the distinct phases. MONDEO
was tested against several datasets to measure its efficiency and performance,
achieving high performance with RandomForest classifiers. The implementation is
available on GitHub.
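The four-stage pipeline the abstract describes, as an added example that is not the paper's code: stages 1 to 3 are cheap checks that exit early, and stage 4 is a classifier over the same per-name features. Everything concrete here is an assumption made for illustration: the list contents, the rate threshold (30 queries per client per window), the DGA heuristic thresholds, the training names and the sample window are constructed, and a nearest-centroid classifier stands in for the paper's RandomForest so the block runs offline with no dependencies.

```python
"""Four-stage DNS query triage in the style of MONDEO.

Added example, not the paper's implementation. List contents, the rate
threshold, the DGA thresholds and the training names are constructed;
the paper uses RandomForest for stage 4, a nearest-centroid classifier
stands in here so the block runs offline.
"""
import math
from collections import Counter

# Stage 1: static lists keyed on the registered domain (constructed).
DENYLIST = {"bad-c2.example"}
ALLOWLIST = {"example.com", "example.org", "example.net"}

# Stage 2: queries per client per window above which the client is
# escalated to the DGA stages (assumed value).
RATE_THRESHOLD = 30


def registered_domain(qname):
    """Crude eTLD+1 (last two labels). Production code should use the
    public suffix list so 'foo.co.uk' is not cut down to 'co.uk'."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def shannon_entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0


def dga_features(qname):
    """(length, entropy, digit ratio, vowel ratio) of the second-level label."""
    sld = registered_domain(qname).split(".")[0]
    n = max(len(sld), 1)
    digits = sum(ch.isdigit() for ch in sld)
    vowels = sum(ch in "aeiou" for ch in sld)
    return (len(sld), shannon_entropy(sld), digits / n, vowels / n)


def stage3_dga_heuristic(feats):
    """Long, high-entropy, vowel-poor labels look machine generated (assumed thresholds)."""
    length, entropy, _digit_ratio, vowel_ratio = feats
    return length >= 12 and entropy >= 3.3 and vowel_ratio < 0.3


def _vector(feats):
    """Scale features to comparable ranges before computing distances."""
    length, entropy, digit_ratio, vowel_ratio = feats
    return (length / 16.0, entropy / 4.0, digit_ratio, vowel_ratio)


# Stage 4 training data (constructed; 0 = benign, 1 = DGA-like).
TRAINING = [
    ("google.com", 0), ("wikipedia.org", 0), ("github.com", 0), ("microsoft.com", 0),
    ("xk3q9zv7lm2p.net", 1), ("q8w2e7r1t5y9u3.com", 1),
    ("zpqv7k3mxw.org", 1), ("b4n7m2k9q1x5.net", 1),
]


def train_centroids(samples):
    """Nearest-centroid classifier: the mean feature vector of each class."""
    sums, counts = {}, Counter()
    for qname, label in samples:
        vec = _vector(dga_features(qname))
        acc = sums.setdefault(label, [0.0] * len(vec))
        for i, v in enumerate(vec):
            acc[i] += v
        counts[label] += 1
    return {label: tuple(v / counts[label] for v in acc) for label, acc in sums.items()}


def stage4_predict(centroids, feats):
    vec = _vector(feats)
    return min(centroids, key=lambda label: sum((a - b) ** 2 for a, b in zip(vec, centroids[label])))


def triage(client, qname, client_rate, centroids):
    """Return (verdict, deciding_stage); the cheap stages exit early."""
    reg = registered_domain(qname)
    if reg in DENYLIST:
        return ("malicious", 1)
    if reg in ALLOWLIST:
        return ("benign", 1)
    if client_rate <= RATE_THRESHOLD:  # low-rate clients exit here (assumed policy)
        return ("benign", 2)
    feats = dga_features(qname)
    if stage3_dga_heuristic(feats):
        return ("malicious", 3)
    return ("malicious" if stage4_predict(centroids, feats) == 1 else "benign", 4)


def triage_window(records, centroids=None):
    """Classify every (client, qname) in one time window; rate is per client."""
    centroids = centroids or train_centroids(TRAINING)
    rates = Counter(client for client, _ in records)
    return [(client, qname) + triage(client, qname, rates[client], centroids)
            for client, qname in records]


# Constructed one-minute window: two quiet clients and one bursting bot.
SAMPLE_WINDOW = (
    [("10.0.0.1", "www.example.com"), ("10.0.0.1", "bad-c2.example")]
    + [("10.0.0.2", "cloudfront.net")]
    + [("10.0.0.3", "xk3q9zv7lm2p.net")] * 31
    + [("10.0.0.3", "a7e3i9o2u5y1k4.com"), ("10.0.0.3", "cloudfront.net")]
)

if __name__ == "__main__":
    for row in triage_window(SAMPLE_WINDOW):
        print(row)
```

Three caveats a deployment has to address that the toy does not: the stage-2 early exit means a low-and-slow bot is never inspected by stages 3 and 4, which is why the denylist runs first; an allowlisted registered domain is trusted wholesale, so abuse of a dynamic-DNS or hosting provider's domain passes stage 1 unseen; and the heuristic thresholds and training names must be tuned on the network's own traffic, since entropy and length alone also flag CDN and tracking hostnames.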
Related papers
- MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083]
We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware.
We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph.
This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
arXiv Detail & Related papers (2024-09-29T07:22:47Z)
- An Unforgeable Publicly Verifiable Watermark for Large Language Models [84.2805275589553]
Current watermark detection algorithms require the secret key used in the watermark generation process, making them susceptible to security breaches and counterfeiting during public detection.
We propose an unforgeable publicly verifiable watermark algorithm named UPV that uses two different neural networks for watermark generation and detection, instead of using the same key at both stages.
arXiv Detail & Related papers (2023-07-30T13:43:27Z)
- Explaining Machine Learning DGA Detectors from DNS Traffic Data [11.049278217301048]
This work addresses the problem of Explainable ML in the context of botnet and DGA detection.
It is the first to concretely break down the decisions of ML classifiers when devised for botnet/DGA detection.
arXiv Detail & Related papers (2022-08-10T11:34:26Z)
- Towards a Universal Features Set for IoT Botnet Attacks Detection [1.022709144903362]
We propose a universal feature set to better detect botnet attacks regardless of the underlying dataset.
The proposed feature set yields strong results for detecting botnet attacks when the trained machine learning models are tested over three different botnet attack datasets.
arXiv Detail & Related papers (2020-12-01T13:15:57Z)
- Machine Learning-Based Early Detection of IoT Botnets Using Network-Edge Traffic [9.248700524610191]
EDIMA is designed to be deployed at the edge gateway installed in home networks and targets early detection of botnets prior to the launch of an attack.
EDIMA includes a novel two-stage Machine Learning (ML)-based detector developed specifically for IoT bot detection at the edge gateway.
EDIMA is also shown to outperform existing detection techniques for bot scanning traffic and bot-CnC server communication.
arXiv Detail & Related papers (2020-10-22T05:29:48Z)
- Simultaneous Detection and Tracking with Motion Modelling for Multiple Object Tracking [94.24393546459424]
We introduce Deep Motion Modeling Network (DMM-Net) that can estimate multiple objects' motion parameters to perform joint detection and association.
DMM-Net achieves a PR-MOTA score of 12.80 at 120+ fps on the popular UA-DETRAC challenge, better performance at orders of magnitude higher speed.
We also contribute a synthetic large-scale public dataset Omni-MOT for vehicle tracking that provides precise ground-truth annotations.
arXiv Detail & Related papers (2020-08-20T08:05:33Z)
- Mobile Botnet Detection: A Deep Learning Approach Using Convolutional Neural Networks [0.0]
We present a deep learning approach for Android botnet detection based on Convolutional Neural Networks (CNN).
Our proposed botnet detection system is implemented as a CNN-based model that is trained on 342 static app features to distinguish between botnet apps and normal apps.
The trained botnet detection model was evaluated on a set of 6,802 real applications containing 1,929 botnets from the publicly available ISCX botnet dataset.
arXiv Detail & Related papers (2020-07-01T06:19:12Z)
- FCOS: A simple and strong anchor-free object detector [111.87691210818194]
We propose a fully convolutional one-stage object detector (FCOS) to solve object detection in a per-pixel prediction fashion.
Almost all state-of-the-art object detectors such as RetinaNet, SSD, YOLOv3, and Faster R-CNN rely on pre-defined anchor boxes.
In contrast, our proposed detector FCOS is anchor box free, as well as proposal free.
arXiv Detail & Related papers (2020-06-14T01:03:39Z)
- MobileDets: Searching for Object Detection Architectures for Mobile Accelerators [61.30355783955777]
Inverted bottleneck layers have been the predominant building blocks in state-of-the-art object detection models on mobile devices.
Regular convolutions are a potent component to boost the latency-accuracy trade-off for object detection on accelerators.
We obtain a family of object detection models, MobileDets, that achieve state-of-the-art results across mobile accelerators.
arXiv Detail & Related papers (2020-04-30T00:21:30Z)
- Botnet Detection Using Recurrent Variational Autoencoder [4.486436314247216]
Botnets are increasingly used by malicious actors, creating an increasing threat to a large number of internet users.
We propose a novel machine learning based method, named Recurrent Variational Autoencoder (RVAE), for detecting botnets.
Tests show RVAE is able to detect botnets with the same accuracy as the best known results published in literature.
arXiv Detail & Related papers (2020-04-01T05:03:34Z)
- Automating Botnet Detection with Graph Neural Networks [106.24877728212546]
Botnets are now a major source for many network attacks, such as DDoS attacks and spam.
In this paper, we consider the neural network design challenges of using modern deep learning techniques to learn policies for botnet detection automatically.
arXiv Detail & Related papers (2020-03-13T15:34:33Z)
This list is automatically generated from the titles and abstracts of the papers in this site.