Reducing the False Alarm Rate in Botnet Detection by Combining the k-Nearest Neighbors and Stochastic Gradient Descent Algorithms

Article type: Research article (developmental)

Author

Assistant Professor, Department of Computer Science, Golestan University, Gorgan, Iran.

DOI: 10.48301/kssa.2024.423558.2754

Abstract (translated from Persian)

With the ever-increasing expansion of networks connected to the Internet, attacks by adversaries on these networks have grown as well. Many researchers have therefore proposed countermeasures against botnets, which infect systems remotely. One of the main shortcomings of existing methods is the high rate of false alarms produced by attack detection systems, that is, the false positive rate and the false negative rate. This paper combines two machine learning algorithms to reduce the false alarm rate. In the first stage of the proposed method, the dataset passes through a preprocessing step in which outliers and noisy records are identified and discarded. Next, the k-nearest neighbors algorithm is used to remove non-useful features, those that have no effect on determining the class of a record, from the dataset. In the following stage, the stochastic gradient descent algorithm is used to determine the class of each record precisely and to label it as normal traffic or a botnet attack. Finally, experiments on the CTU-13 and BoT-IoT datasets, in both binary and multi-class settings, yield the values of the main metrics for evaluating the performance of a botnet attack detection system. The results show that on CTU-13 the false negative rate is 0.01 (binary) and 0.04 (multi-class) and the false positive rate is 0.01 (binary) and 0.05 (multi-class); on BoT-IoT the false negative rate is 0.02 (binary) and 0.05 (multi-class) and the false positive rate is 0.03 (binary) and 0.05 (multi-class). These figures compare favourably with existing methods and show that the proposed approach lowers the false alarm rate and thereby improves detection performance.


Article title [English]

Reducing the False Alarm Rates in Detecting Botnets Using the Combination of K-Nearest Neighbors and Stochastic Gradient Descent Algorithms

Author [English]

  • Aliakbar Tajari Siahmarzkooh
Assistant Professor, Department of Computer Sciences, Golestan University, Gorgan, Iran.
Abstract [English]

With the increasing expansion of networks connected to the Internet, attackers' efforts against these networks have also grown. Many researchers have therefore proposed solutions for dealing with botnets, which infect systems remotely. One of the main problems of existing methods is the high rate of false alarms produced by attack detection systems, namely the false positive rate and the false negative rate. In the present research these alarm rates are reduced by combining two machine learning algorithms. In the first stage of the proposed solution, the dataset enters a pre-processing stage in which outliers and noisy records are identified and discarded. Then, using the K-Nearest Neighbors algorithm, the non-useful features, those that have no effect in determining the data class, are excluded from the dataset. In the next step, the Stochastic Gradient Descent algorithm is used to determine the class of each record accurately and to categorize it as normal data or a botnet attack. Finally, by performing various tests on the CTU-13 and BoT-IoT datasets in both binary and multi-class modes, the values of the important criteria for evaluating the effectiveness of the botnet attack detection system are obtained. The results show that on the CTU-13 dataset, in binary and multi-class mode, the false negative rates are 0.01 and 0.04 and the false positive rates are 0.01 and 0.05, respectively; on the BoT-IoT dataset, in binary and multi-class mode, the false negative rates are 0.02 and 0.05 and the false positive rates are 0.03 and 0.05, respectively. Compared with other existing methods, the proposed method performs better, reducing the false alarm rate and thereby improving detection performance.
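The pipeline the abstract describes, as an added illustration that is not the paper's code: kNN-based pruning of features that do not affect the class decision (realised here as backward elimination scored by leave-one-out kNN accuracy, an assumption about how that step may be implemented), a logistic classifier fitted by stochastic gradient descent, and false-positive and false-negative rates computed per class in one-versus-rest form so that the same function covers the binary and the multi-class settings. It uses only the Python standard library. The twelve flow records and their feature names are constructed for the example and are not taken from CTU-13 or BoT-IoT; the outlier-removal preprocessing step is not shown.

```python
"""Added example (not the paper's code): kNN feature pruning, an SGD-trained
logistic classifier, and per-class FPR/FNR on constructed flow records."""
import math
import random
from collections import Counter

# Constructed flow-like records (not real dataset rows), one per line:
# [bytes_per_packet, proto_flag, jitter_ms]; label 1 = botnet, 0 = normal.
# bytes_per_packet separates the classes; proto_flag is constant, so it can
# never influence a class decision; jitter_ms is noise shared by both classes.
X = [[0.0, 5.0, 0.0], [1.0, 5.0, 1.0], [2.0, 5.0, 2.0],
     [3.0, 5.0, 3.0], [0.5, 5.0, 1.0], [1.5, 5.0, 2.0],
     [10.0, 5.0, 0.0], [11.0, 5.0, 1.0], [12.0, 5.0, 2.0],
     [13.0, 5.0, 3.0], [10.5, 5.0, 1.0], [11.5, 5.0, 2.0]]
Y = [0] * 6 + [1] * 6


def knn_loo_accuracy(X, y, feats, k=3):
    """Leave-one-out accuracy of a k-NN majority vote using only columns `feats`."""
    correct = 0
    for i, xi in enumerate(X):
        dists = sorted((math.dist([xi[f] for f in feats], [xj[f] for f in feats]), j)
                       for j, xj in enumerate(X) if j != i)
        votes = Counter(y[j] for _, j in dists[:k])
        if votes.most_common(1)[0][0] == y[i]:
            correct += 1
    return correct / len(X)


def prune_features(X, y, k=3):
    """Backward elimination scored by kNN: a feature is dropped when leaving it
    out does not lower LOO accuracy, i.e. it does not help determine the class.
    (Assumed realisation of the abstract's kNN feature-selection stage.)"""
    kept = list(range(len(X[0])))
    for f in list(kept):
        if len(kept) == 1:
            break
        trial = [g for g in kept if g != f]
        if knn_loo_accuracy(X, y, trial, k) >= knn_loo_accuracy(X, y, kept, k):
            kept = trial
    return kept


def standardise(X, feats):
    """z-score the surviving columns so SGD sees comparably scaled inputs."""
    cols = [[row[f] for row in X] for f in feats]
    mu = [sum(c) / len(c) for c in cols]
    sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
          for c, m in zip(cols, mu)]
    return [[(row[f] - m) / s for f, m, s in zip(feats, mu, sd)] for row in X]


def train_sgd_logistic(Z, y, lr=0.1, epochs=200, seed=0):
    """Logistic regression fitted by plain stochastic gradient descent: one
    (example, label) update at a time, examples reshuffled every epoch."""
    rng = random.Random(seed)
    w, b = [0.0] * len(Z[0]), 0.0
    order = list(range(len(Z)))
    for _ in range(epochs):
        rng.shuffle(order)
        for i in order:
            logit = sum(wj * zj for wj, zj in zip(w, Z[i])) + b
            g = 1.0 / (1.0 + math.exp(-logit)) - y[i]  # d(log-loss)/d(logit)
            w = [wj - lr * g * zj for wj, zj in zip(w, Z[i])]
            b -= lr * g
    return w, b


def predict(w, b, Z):
    return [1 if sum(wj * zj for wj, zj in zip(w, z)) + b > 0 else 0 for z in Z]


def error_rates(y_true, y_pred):
    """Per-class one-versus-rest (FPR, FNR). In the binary case read the entry
    for the attack class (1); in the multi-class case each class gets its own."""
    out = {}
    for c in sorted(set(y_true) | set(y_pred)):
        tp = sum(t == c and p == c for t, p in zip(y_true, y_pred))
        fn = sum(t == c and p != c for t, p in zip(y_true, y_pred))
        fp = sum(t != c and p == c for t, p in zip(y_true, y_pred))
        tn = sum(t != c and p != c for t, p in zip(y_true, y_pred))
        out[c] = (fp / (fp + tn) if fp + tn else 0.0,
                  fn / (fn + tp) if fn + tp else 0.0)
    return out


def run_pipeline(X=X, y=Y):
    """Prune features with kNN, fit the SGD classifier, report per-class rates."""
    kept = prune_features(X, y)
    Z = standardise(X, kept)
    w, b = train_sgd_logistic(Z, y)
    return kept, error_rates(y, predict(w, b, Z))


if __name__ == "__main__":
    kept, rates = run_pipeline()
    print("features kept after kNN pruning:", kept)
    for c, (fpr, fnr) in rates.items():
        print(f"class {c}: FPR={fpr:.2f} FNR={fnr:.2f}")
```

Run it directly to print the surviving feature indices and the per-class rates. On the constructed records the constant feature is dropped because leaving it out cannot change any neighbour distance, and the noise feature is dropped because the separating feature alone reaches the same leave-one-out accuracy. The rates here are computed on the training records, which is optimistic; a real evaluation, as in the paper's experiments, measures FPR and FNR on held-out data.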

Keywords [English]

  • Botnet Detection
  • False Alarm Rate
  • K-Nearest Neighbors Algorithm
  • Stochastic Gradient Descent