C&C session detection using random forest

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

A DDoS (Distributed Denial of Service) attack is one of the most used DoS (Denial of Service) attacks. It is a distributed attack in which an attacker uses a multitude of compromised computers to attack a single target. The compromised computers that actually execute the attack are called a botnet. To hide their identity, the attacker usually uses a third-party server to control the bots and send them attack commands; this kind of server is called a C&C (command & control) server. Detecting C&C sessions provides strong evidence of a botnet and enables early detection of DDoS attacks, because C&C connections occur before a DDoS attack. Network traffic analysis is an effective method to detect C&C sessions, as it is hard to evade by encrypting the payload or changing the command code. We consider a new feature vector with 55 features and use a random forest algorithm to build the classifier. Random forest is an ensemble of classifiers that can deal with high-dimensional problems. It can also calculate the importance of features, which helps us find the key features responsible for the detection of C&C sessions. Experimental results show that our approach has better performance on C&C session detection.

Original language: English
Title of host publication: Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017
Publisher: Association for Computing Machinery, Inc
ISBN (Electronic): 9781450348881
Publication status: Published - 1 5 2017
Event: 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017 - Beppu, Japan
Duration: 1 5 2017 to 1 7 2017

Publication series

Name: Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017

Other

Other: 11th International Conference on Ubiquitous Information Management and Communication, IMCOM 2017
Country/Territory: Japan
City: Beppu
Period: 1/5/17 to 1/7/17

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
