Por favor, use este identificador para citar o enlazar este ítem:
10.1016/j.future.2020.09.004
![](/digitum/image/email_logo.png)
![](/digitum/image/logo-facebook.png)
Título: | A novel Machine Learning-based approach for the detection of SSH botnet infection |
Fecha de publicación: | feb-2021 |
Cita bibliográfica: | Future Generation Computer Systems Volume 115, February 2021, Pages 387-396 |
ISSN: | 0167-739X 1872-7115 (electrónico) |
Palabras clave: | Botnet Machine learning Zero-day malware Honeypot High interaction |
Resumen: | Botnets are causing severe damages to users, companies, and governments through information theft, abuse of online services, DDoS attacks, etc. Although significant research is being made to detect them and mitigate their effect, they are exponentially increasing due to new zero-day attacks, a variation of their behavior, and obfuscation techniques. High Interaction Honeypots (HIH) are the only honeypots able to capture attacks and log all the information generated by attackers when setting up a botnet. The data generated is being processed using Machine Learning (ML) techniques for detection since they can detect hidden patterns. However, so far, research has been focused on intermediate phases of the botnet’s life cycle during operation, underestimating the initial phase of infection. To the best of our knowledge, this is the first solution in the infection phase of SSH-based botnets. Therefore, we have designed an approach based on an SSH-based HIH to generate a dataset consisting of executed commands and network information. Herein, we have applied ML techniques for the development of a real-time detection model. This approach reached a very high level of prediction and zero false negatives. Indeed, our system detected all known and unknown SSH sessions intended to infect our honeypots. Thus, our research has demonstrated that new SSH infections can be detected through ML techniques. |
Autor/es principal/es: | Martínez Garre, José Tomás Gil Pérez, Manuel Ruiz-Martínez, Antonio |
Facultad/Departamentos/Servicios: | Facultades, Departamentos, Servicios y Escuelas::Departamentos de la UMU::Ingeniería de la Información y las Comunicaciones |
URI: | http://hdl.handle.net/10201/138682 |
DOI: | 10.1016/j.future.2020.09.004 |
Tipo de documento: | info:eu-repo/semantics/article |
Derechos: | info:eu-repo/semantics/embargoedAccess |
Aparece en las colecciones: | Artículos: Ingeniería de la Información y las Comunicaciones |
Ficheros en este ítem:
Fichero | Descripción | Tamaño | Formato | |
---|---|---|---|---|
P02-FGCS_accepted manuscript-digitum.pdf | 606,26 kB | Adobe PDF | ![]() Visualizar/Abrir Solicitar una copia |
Los ítems de Digitum están protegidos por copyright, con todos los derechos reservados, a menos que se indique lo contrario.