Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics
Descripción del Articulo
Botnets are some of the most recurrent cyber-threats, which take advantage of the wide heterogeneity of endpoint devices at the Edge of the emerging communication environments for enabling the malicious enforcement of fraud and other adversarial tactics, including malware, data leaks or denial of se...
| Autor: | |
|---|---|
| Formato: | tesis de grado |
| Fecha de Publicación: | 2020 |
| Institución: | Universidad de Lima |
| Repositorio: | ULIMA-Institucional |
| Lenguaje: | español |
| OAI Identifier: | oai:repositorio.ulima.edu.pe:20.500.12724/12724 |
| Enlace del recurso: | https://hdl.handle.net/20.500.12724/12724 |
| Nivel de acceso: | acceso abierto |
| Materia: | Seguridad informática Malware (Computer software) Computer security Botnets Malware (Programas de computadora) https://purl.org/pe-repo/ocde/ford#2.02.04 |
| id |
RULI_a21d4ca3bdd064d93b05533cbf99ce39 |
|---|---|
| oai_identifier_str |
oai:repositorio.ulima.edu.pe:20.500.12724/12724 |
| network_acronym_str |
RULI |
| network_name_str |
ULIMA-Institucional |
| repository_id_str |
3883 |
| dc.title.es_PE.fl_str_mv |
Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics |
| title |
Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics |
| spellingShingle |
Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics Huancayo Ramos, Katherinne Shirley Seguridad informática Malware (Computer software) Computer security Botnets Malware (Programas de computadora) https://purl.org/pe-repo/ocde/ford#2.02.04 |
| title_short |
Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics |
| title_full |
Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics |
| title_fullStr |
Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics |
| title_full_unstemmed |
Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics |
| title_sort |
Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics |
| author |
Huancayo Ramos, Katherinne Shirley |
| author_facet |
Huancayo Ramos, Katherinne Shirley |
| author_role |
author |
| dc.contributor.student.none.fl_str_mv |
1, OA, S |
| dc.contributor.advisor.fl_str_mv |
Sotelo Monge, Marco Antonio |
| dc.contributor.author.fl_str_mv |
Huancayo Ramos, Katherinne Shirley |
| dc.subject.none.fl_str_mv |
Seguridad informática Malware (Computer software) Computer security |
| topic |
Seguridad informática Malware (Computer software) Computer security Botnets Malware (Programas de computadora) https://purl.org/pe-repo/ocde/ford#2.02.04 |
| dc.subject.es_PE.fl_str_mv |
Botnets Malware (Programas de computadora) |
| dc.subject.ocde.none.fl_str_mv |
https://purl.org/pe-repo/ocde/ford#2.02.04 |
| description |
Botnets are some of the most recurrent cyber-threats, which take advantage of the wide heterogeneity of endpoint devices at the Edge of the emerging communication environments for enabling the malicious enforcement of fraud and other adversarial tactics, including malware, data leaks or denial of service. There have been significant research advances in the development of accurate botnet detection methods underpinned on supervised analysis but assessing the accuracy and performance of such detection methods requires a clear evaluation model in the pursuit of enforcing proper defensive strategies. In order to contribute to the mitigation of botnets, this paper introduces a novel evaluation scheme grounded on supervised machine learning algorithms that enable the detection and discrimination of different botnets families on real operational environments. The proposal relies on observing, understanding and inferring the behavior of each botnet family based on network indicators measured at flow-level. The assumed evaluation methodology contemplates six phases that allow building a detection model against botnet-related malware distributed through the network, for which five supervised classifiers were instantiated were instantiated for further comparisons—Decision Tree, Random Forest, Naive Bayes Gaussian, Support Vector Machine and K-Neighbors. The experimental validation was performed on two public datasets of real botnet traffic—CIC-AWS-2018 and ISOT HTTP Botnet. Bearing the heterogeneity of the datasets, optimizing the analysis with the Grid Search algorithm led to improve the classification results of the instantiated algorithms. An exhaustive evaluation was carried out demonstrating the adequateness of our proposal which prompted that Random Forest and Decision Tree models are the most suitable for detecting different botnet specimens among the chosen algorithms. They exhibited higher precision rates whilst analyzing a large number of samples with less processing time. The variety of testing scenarios were deeply assessed and reported to set baseline results for future benchmark analysis targeted on flow-based behavioral patterns. |
| publishDate |
2020 |
| dc.date.accessioned.none.fl_str_mv |
2021-03-17T12:35:05Z |
| dc.date.available.none.fl_str_mv |
2021-03-17T12:35:05Z |
| dc.date.issued.fl_str_mv |
2020 |
| dc.type.none.fl_str_mv |
info:eu-repo/semantics/bachelorThesis |
| dc.type.other.none.fl_str_mv |
Tesis |
| format |
bachelorThesis |
| dc.identifier.citation.es_PE.fl_str_mv |
Huancayo Ramos, K. S. (2020). Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics [Tesis para optar el Título Profesional de Ingeniero de Sistemas, Universidad de Lima]. Repositorio institucional de la Universidad de Lima. https://hdl.handle.net/20.500.12724/12724 |
| dc.identifier.uri.none.fl_str_mv |
https://hdl.handle.net/20.500.12724/12724 |
| identifier_str_mv |
Huancayo Ramos, K. S. (2020). Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics [Tesis para optar el Título Profesional de Ingeniero de Sistemas, Universidad de Lima]. Repositorio institucional de la Universidad de Lima. https://hdl.handle.net/20.500.12724/12724 |
| url |
https://hdl.handle.net/20.500.12724/12724 |
| dc.language.iso.none.fl_str_mv |
spa |
| language |
spa |
| dc.relation.ispartof.fl_str_mv |
SUNEDU |
| dc.rights.*.fl_str_mv |
info:eu-repo/semantics/openAccess |
| dc.rights.uri.*.fl_str_mv |
https://creativecommons.org/licenses/by-nc-sa/4.0/ |
| eu_rights_str_mv |
openAccess |
| rights_invalid_str_mv |
https://creativecommons.org/licenses/by-nc-sa/4.0/ |
| dc.format.none.fl_str_mv |
application/pdf |
| dc.publisher.none.fl_str_mv |
Universidad de Lima |
| dc.publisher.country.none.fl_str_mv |
PE |
| publisher.none.fl_str_mv |
Universidad de Lima |
| dc.source.es_PE.fl_str_mv |
Repositorio Institucional - Ulima Universidad de Lima |
| dc.source.none.fl_str_mv |
reponame:ULIMA-Institucional instname:Universidad de Lima instacron:ULIMA |
| instname_str |
Universidad de Lima |
| instacron_str |
ULIMA |
| institution |
ULIMA |
| reponame_str |
ULIMA-Institucional |
| collection |
ULIMA-Institucional |
| bitstream.url.fl_str_mv |
https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12724/5/Huancayo_Ramos_Katherinne_Shirley.pdf.jpg https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12724/3/license.txt https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12724/2/license_rdf https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12724/1/Huancayo_Ramos_Katherinne_Shirley.pdf https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12724/4/Huancayo_Ramos_Katherinne_Shirley.pdf.txt |
| bitstream.checksum.fl_str_mv |
0574132b8484ef3a027db8ed6ccec0b6 8a4605be74aa9ea9d79846c1fba20a33 8fc46f5e71650fd7adee84a69b9163c2 93f82f363da32d77f2a2a083e0c338a9 3038fba1478a5413ab478d2568ced8a8 |
| bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 MD5 MD5 |
| repository.name.fl_str_mv |
Repositorio Universidad de Lima |
| repository.mail.fl_str_mv |
repositorio@ulima.edu.pe |
| _version_ |
1844709866683236352 |
| spelling |
Sotelo Monge, Marco AntonioHuancayo Ramos, Katherinne Shirley1, OA, S2021-03-17T12:35:05Z2021-03-17T12:35:05Z2020Huancayo Ramos, K. S. (2020). Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analytics [Tesis para optar el Título Profesional de Ingeniero de Sistemas, Universidad de Lima]. Repositorio institucional de la Universidad de Lima. https://hdl.handle.net/20.500.12724/12724https://hdl.handle.net/20.500.12724/12724Botnets are some of the most recurrent cyber-threats, which take advantage of the wide heterogeneity of endpoint devices at the Edge of the emerging communication environments for enabling the malicious enforcement of fraud and other adversarial tactics, including malware, data leaks or denial of service. There have been significant research advances in the development of accurate botnet detection methods underpinned on supervised analysis but assessing the accuracy and performance of such detection methods requires a clear evaluation model in the pursuit of enforcing proper defensive strategies. In order to contribute to the mitigation of botnets, this paper introduces a novel evaluation scheme grounded on supervised machine learning algorithms that enable the detection and discrimination of different botnets families on real operational environments. The proposal relies on observing, understanding and inferring the behavior of each botnet family based on network indicators measured at flow-level. The assumed evaluation methodology contemplates six phases that allow building a detection model against botnet-related malware distributed through the network, for which five supervised classifiers were instantiated were instantiated for further comparisons—Decision Tree, Random Forest, Naive Bayes Gaussian, Support Vector Machine and K-Neighbors. The experimental validation was performed on two public datasets of real botnet traffic—CIC-AWS-2018 and ISOT HTTP Botnet. Bearing the heterogeneity of the datasets, optimizing the analysis with the Grid Search algorithm led to improve the classification results of the instantiated algorithms. An exhaustive evaluation was carried out demonstrating the adequateness of our proposal which prompted that Random Forest and Decision Tree models are the most suitable for detecting different botnet specimens among the chosen algorithms. They exhibited higher precision rates whilst analyzing a large number of samples with less processing time. The variety of testing scenarios were deeply assessed and reported to set baseline results for future benchmark analysis targeted on flow-based behavioral patterns.application/pdfspaUniversidad de LimaPEinfo:eu-repo/semantics/openAccesshttps://creativecommons.org/licenses/by-nc-sa/4.0/Repositorio Institucional - UlimaUniversidad de Limareponame:ULIMA-Institucionalinstname:Universidad de Limainstacron:ULIMASeguridad informáticaMalware (Computer software)Computer securityBotnetsMalware (Programas de computadora)https://purl.org/pe-repo/ocde/ford#2.02.04Benchmark-Based Reference Model for Evaluating Botnet Detection Tools Driven by Traffic-Flow Analyticsinfo:eu-repo/semantics/bachelorThesisTesisSUNEDUTítulo ProfesionalIngeniería de sistemasUniversidad de Lima. Facultad de Ingeniería y ArquitecturaIngeniero de sistemashttps://orcid.org/0000-0001-6392-02164158731361207674635102https://purl.org/pe-repo/renati/level#tituloProfesionalRodriguez-Rodriguez, Nadia-KatherineGutierrez-Cardenas, Juan-ManuelNina-Hanco, Hernanhttps://purl.org/pe-repo/renati/type#tesisOITHUMBNAILHuancayo_Ramos_Katherinne_Shirley.pdf.jpgHuancayo_Ramos_Katherinne_Shirley.pdf.jpgGenerated Thumbnailimage/jpeg10259https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12724/5/Huancayo_Ramos_Katherinne_Shirley.pdf.jpg0574132b8484ef3a027db8ed6ccec0b6MD55LICENSElicense.txtlicense.txttext/plain; charset=utf-81748https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12724/3/license.txt8a4605be74aa9ea9d79846c1fba20a33MD53CC-LICENSElicense_rdflicense_rdfapplication/rdf+xml; charset=utf-81037https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12724/2/license_rdf8fc46f5e71650fd7adee84a69b9163c2MD52ORIGINALHuancayo_Ramos_Katherinne_Shirley.pdfHuancayo_Ramos_Katherinne_Shirley.pdfapplication/pdf742920https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12724/1/Huancayo_Ramos_Katherinne_Shirley.pdf93f82f363da32d77f2a2a083e0c338a9MD51TEXTHuancayo_Ramos_Katherinne_Shirley.pdf.txtHuancayo_Ramos_Katherinne_Shirley.pdf.txtExtracted texttext/plain105684https://repositorio.ulima.edu.pe/bitstream/20.500.12724/12724/4/Huancayo_Ramos_Katherinne_Shirley.pdf.txt3038fba1478a5413ab478d2568ced8a8MD5420.500.12724/12724oai:repositorio.ulima.edu.pe:20.500.12724/127242024-11-05 15:04:06.322Repositorio Universidad de Limarepositorio@ulima.edu.peTk9URTogUExBQ0UgWU9VUiBPV04gTElDRU5TRSBIRVJFClRoaXMgc2FtcGxlIGxpY2Vuc2UgaXMgcHJvdmlkZWQgZm9yIGluZm9ybWF0aW9uYWwgcHVycG9zZXMgb25seS4KCk5PTi1FWENMVVNJVkUgRElTVFJJQlVUSU9OIExJQ0VOU0UKCkJ5IHNpZ25pbmcgYW5kIHN1Ym1pdHRpbmcgdGhpcyBsaWNlbnNlLCB5b3UgKHRoZSBhdXRob3Iocykgb3IgY29weXJpZ2h0Cm93bmVyKSBncmFudHMgdG8gRFNwYWNlIFVuaXZlcnNpdHkgKERTVSkgdGhlIG5vbi1leGNsdXNpdmUgcmlnaHQgdG8gcmVwcm9kdWNlLAp0cmFuc2xhdGUgKGFzIGRlZmluZWQgYmVsb3cpLCBhbmQvb3IgZGlzdHJpYnV0ZSB5b3VyIHN1Ym1pc3Npb24gKGluY2x1ZGluZwp0aGUgYWJzdHJhY3QpIHdvcmxkd2lkZSBpbiBwcmludCBhbmQgZWxlY3Ryb25pYyBmb3JtYXQgYW5kIGluIGFueSBtZWRpdW0sCmluY2x1ZGluZyBidXQgbm90IGxpbWl0ZWQgdG8gYXVkaW8gb3IgdmlkZW8uCgpZb3UgYWdyZWUgdGhhdCBEU1UgbWF5LCB3aXRob3V0IGNoYW5naW5nIHRoZSBjb250ZW50LCB0cmFuc2xhdGUgdGhlCnN1Ym1pc3Npb24gdG8gYW55IG1lZGl1bSBvciBmb3JtYXQgZm9yIHRoZSBwdXJwb3NlIG9mIHByZXNlcnZhdGlvbi4KCllvdSBhbHNvIGFncmVlIHRoYXQgRFNVIG1heSBrZWVwIG1vcmUgdGhhbiBvbmUgY29weSBvZiB0aGlzIHN1Ym1pc3Npb24gZm9yCnB1cnBvc2VzIG9mIHNlY3VyaXR5LCBiYWNrLXVwIGFuZCBwcmVzZXJ2YXRpb24uCgpZb3UgcmVwcmVzZW50IHRoYXQgdGhlIHN1Ym1pc3Npb24gaXMgeW91ciBvcmlnaW5hbCB3b3JrLCBhbmQgdGhhdCB5b3UgaGF2ZQp0aGUgcmlnaHQgdG8gZ3JhbnQgdGhlIHJpZ2h0cyBjb250YWluZWQgaW4gdGhpcyBsaWNlbnNlLiBZb3UgYWxzbyByZXByZXNlbnQKdGhhdCB5b3VyIHN1Ym1pc3Npb24gZG9lcyBub3QsIHRvIHRoZSBiZXN0IG9mIHlvdXIga25vd2xlZGdlLCBpbmZyaW5nZSB1cG9uCmFueW9uZSdzIGNvcHlyaWdodC4KCklmIHRoZSBzdWJtaXNzaW9uIGNvbnRhaW5zIG1hdGVyaWFsIGZvciB3aGljaCB5b3UgZG8gbm90IGhvbGQgY29weXJpZ2h0LAp5b3UgcmVwcmVzZW50IHRoYXQgeW91IGhhdmUgb2J0YWluZWQgdGhlIHVucmVzdHJpY3RlZCBwZXJtaXNzaW9uIG9mIHRoZQpjb3B5cmlnaHQgb3duZXIgdG8gZ3JhbnQgRFNVIHRoZSByaWdodHMgcmVxdWlyZWQgYnkgdGhpcyBsaWNlbnNlLCBhbmQgdGhhdApzdWNoIHRoaXJkLXBhcnR5IG93bmVkIG1hdGVyaWFsIGlzIGNsZWFybHkgaWRlbnRpZmllZCBhbmQgYWNrbm93bGVkZ2VkCndpdGhpbiB0aGUgdGV4dCBvciBjb250ZW50IG9mIHRoZSBzdWJtaXNzaW9uLgoKSUYgVEhFIFNVQk1JU1NJT04gSVMgQkFTRUQgVVBPTiBXT1JLIFRIQVQgSEFTIEJFRU4gU1BPTlNPUkVEIE9SIFNVUFBPUlRFRApCWSBBTiBBR0VOQ1kgT1IgT1JHQU5JWkFUSU9OIE9USEVSIFRIQU4gRFNVLCBZT1UgUkVQUkVTRU5UIFRIQVQgWU9VIEhBVkUKRlVMRklMTEVEIEFOWSBSSUdIVCBPRiBSRVZJRVcgT1IgT1RIRVIgT0JMSUdBVElPTlMgUkVRVUlSRUQgQlkgU1VDSApDT05UUkFDVCBPUiBBR1JFRU1FTlQuCgpEU1Ugd2lsbCBjbGVhcmx5IGlkZW50aWZ5IHlvdXIgbmFtZShzKSBhcyB0aGUgYXV0aG9yKHMpIG9yIG93bmVyKHMpIG9mIHRoZQpzdWJtaXNzaW9uLCBhbmQgd2lsbCBub3QgbWFrZSBhbnkgYWx0ZXJhdGlvbiwgb3RoZXIgdGhhbiBhcyBhbGxvd2VkIGJ5IHRoaXMKbGljZW5zZSwgdG8geW91ciBzdWJtaXNzaW9uLgo= |
| score |
13.0672035 |
Nota importante:
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
La información contenida en este registro es de entera responsabilidad de la institución que gestiona el repositorio institucional donde esta contenido este documento o set de datos. El CONCYTEC no se hace responsable por los contenidos (publicaciones y/o datos) accesibles a través del Repositorio Nacional Digital de Ciencia, Tecnología e Innovación de Acceso Abierto (ALICIA).
