Debashi, Mohamed and Vickers, Paul (2018) Sonification of Network Traffic for Detecting and Learning About Botnet Behavior. IEEE Access, 6. pp. 33826-33839. ISSN 2169-3536
Text: Sonification.pdf - Published Version. Available under License Creative Commons Attribution.
Text (Full text): Debashi, Vickers - Sonification of Network Traffic for Detecting and Learning About Botnet Behaviour AAM.pdf - Accepted Version.
Abstract
Today's computer networks are under increasing threat from malicious activity. Botnets (networks of remotely controlled computers, or "bots") operate in such a way that their activity superficially resembles normal network traffic, which makes their behaviour hard to detect by current Intrusion Detection Systems (IDS). Therefore, new monitoring techniques are needed to enable network operators to detect botnet activity quickly and in real time. Here we show a sonification technique using the SoNSTAR system that maps characteristics of network traffic to a real-time soundscape enabling an operator to hear and detect botnet activity. A case study demonstrated how using traffic log files alongside the interactive SoNSTAR system enabled the identification of new traffic patterns characteristic of botnet behaviour and subsequently the effective targeting and real-time detection of botnet activity. An experiment using the 11.39 GiB ISOT Botnet Dataset, containing labelled botnet traffic data, compared the SoNSTAR system with three leading machine learning-based traffic classifiers in a botnet activity detection test. SoNSTAR demonstrated greater accuracy, precision and recall and much lower false positive rates than the other techniques. The knowledge generated about characteristic botnet behaviours could be used in the development of future IDSs.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Botnet Detection, Intrusion Detection Systems, Network Monitoring, Situational Awareness, Sonification |
Subjects: | G400 Computer Science |
Department: | Faculties > Engineering and Environment > Computer and Information Sciences |
Depositing User: | Paul Burns |
Date Deposited: | 13 Jun 2018 11:45 |
Last Modified: | 01 Aug 2021 10:05 |
URI: | http://nrl.northumbria.ac.uk/id/eprint/34521 |