Please use this identifier to cite or link to this item:
10.1016/j.future.2020.09.004
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Martínez Garre, José Tomás | - |
dc.contributor.author | Gil Pérez, Manuel | - |
dc.contributor.author | Ruiz-Martínez, Antonio | - |
dc.contributor.other | Faculties, Departments, Services and Schools::Departments of the UMU::Ingeniería de la Información y las Comunicaciones | - |
dc.date.accessioned | 2024-02-06T07:53:56Z | - |
dc.date.available | 2024-02-06T07:53:56Z | - |
dc.date.issued | 2021-02 | - |
dc.identifier.citation | Future Generation Computer Systems Volume 115, February 2021, Pages 387-396 | - |
dc.identifier.issn | 0167-739X | - |
dc.identifier.issn | 1872-7115 (electronic) | - |
dc.identifier.uri | http://hdl.handle.net/10201/138682 | - |
dc.description.abstract | Botnets are causing severe damages to users, companies, and governments through information theft, abuse of online services, DDoS attacks, etc. Although significant research is being made to detect them and mitigate their effect, they are exponentially increasing due to new zero-day attacks, a variation of their behavior, and obfuscation techniques. High Interaction Honeypots (HIH) are the only honeypots able to capture attacks and log all the information generated by attackers when setting up a botnet. The data generated is being processed using Machine Learning (ML) techniques for detection since they can detect hidden patterns. However, so far, research has been focused on intermediate phases of the botnet’s life cycle during operation, underestimating the initial phase of infection. To the best of our knowledge, this is the first solution in the infection phase of SSH-based botnets. Therefore, we have designed an approach based on an SSH-based HIH to generate a dataset consisting of executed commands and network information. Herein, we have applied ML techniques for the development of a real-time detection model. This approach reached a very high level of prediction and zero false negatives. Indeed, our system detected all known and unknown SSH sessions intended to infect our honeypots. Thus, our research has demonstrated that new SSH infections can be detected through ML techniques. | es |
dc.format | application/pdf | es |
dc.language | eng | es |
dc.relation | This work has been supported by the Spanish Ministry of Science, Innovation and Universities, FEDER funds, under grant numbers RTI2018-095855-B-I00 and TIN2017-86885-R, the European Commission Horizon 2020 Programme under grant agreement number H2020-SU-DS-2019/883335 - PALANTIR (Practical Autonomous Cyberhealth for resilient SMEs & Microenterprises), and the European Commission (FEDER/ERDF) | es |
dc.rights | info:eu-repo/semantics/embargoedAccess | - |
dc.subject | Botnet | - |
dc.subject | Machine learning | - |
dc.subject | Zero-day malware | - |
dc.subject | Honeypot | - |
dc.subject | High interaction | - |
dc.title | A novel Machine Learning-based approach for the detection of SSH botnet infection | es |
dc.type | info:eu-repo/semantics/article | es |
dc.embargo.terms | Yes | - |
dc.identifier.doi | 10.1016/j.future.2020.09.004 | - |
Appears in collections: | Articles: Ingeniería de la Información y las Comunicaciones |
Files in this item:
File | Description | Size | Format | |
---|---|---|---|---|
P02-FGCS_accepted manuscript-digitum.pdf | | 606,26 kB | Adobe PDF | |
Items in Digitum are protected by copyright, with all rights reserved, unless otherwise indicated.