Sonification of Network Traffic for Detecting and Learning About Botnet Behavior

Debashi, Mohamed and Vickers, Paul (2018) Sonification of Network Traffic for Detecting and Learning About Botnet Behavior. IEEE Access, 6. pp. 33826-33839. ISSN 2169-3536

[img]
Preview
Text
Sonification.pdf - Published Version
Available under License Creative Commons Attribution.

Download (7MB) | Preview
[img]
Preview
Text (Full text)
Debashi, Vickers - Sonification of Network Traffic for Detecting and Learning About Botnet Behaviour AAM.pdf - Accepted Version

Download (968kB) | Preview
Official URL: http://dx.doi.org/10.1109/ACCESS.2018.2847349

Abstract

Today's computer networks are under increasing threat from malicious activity. Botnets (networks of remotely controlled computers, or "bots") operate in such a way that their activity superficially resembles normal network traffic which makes their behaviour hard to detect by current Intrusion Detection Systems (IDS). Therefore, new monitoring techniques are needed to enable network operators to detect botnet activity quickly and in real time. Here we show a sonification technique using the SoNSTAR system that maps characteristics of network traffic to a real-time soundscape enabling an operator to hear and detect botnet activity. A case study demonstrated how using traffic log files alongside the interactive SoNSTAR system enabled the identification of new traffic patterns that characteristic botnet behaviour and subsequently the effective targeting and real-time detection of botnet activity. An experiment using the 11.39 GiB ISOT Botnet Dataset, containing labelled botnet traffic data, compared the SoNSTAR system with three leading machine learning-based traffic classifiers in a botnet activity detection test. SoNSTAR demonstrated greater accuracy, precision and recall and much lower false positive rates than the other techniques. The knowledge generated about characteristic botnet behaviours could be used in the development of future IDSs.

Item Type: Article
Uncontrolled Keywords: Botnet Detection, Intrusion Detection Systems, Network Monitoring, Situational Awareness, Sonification
Subjects: G400 Computer Science
Department: Faculties > Engineering and Environment > Computer and Information Sciences
Depositing User: Paul Burns
Date Deposited: 13 Jun 2018 11:45
Last Modified: 11 Oct 2019 17:00
URI: http://nrl.northumbria.ac.uk/id/eprint/34521

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics