An Active and Dynamic Botnet Detection Approach to Track Hidden Concept Drift

机译：一种追踪隐藏概念漂移的主动和动态僵尸网络检测方法

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Nowadays, machine learning has been widely used as a core component in botnet detection systems. However, the assumption of machine learning algorithm is that the underlying botnet data distribution is stable for training and testing, which is vulnerable to well-crafted concept drift attacks, such as mimicry attacks, gradient descent attacks, poisoning attacks and so on. In this paper we present an active and dynamic learning approach to mitigate botnet hidden concept drift attacks. Instead of passively waiting for false negative, this approach could actively find the trend of hidden concept drift attacks using statistical p-values before performance starts to degenerate. And besides periodically retraining, this approach could dynamically reweight pre-dictive features to track the trend of underlying concept drift. We test this approach on the public CTU botnet captures provided by malware capture facility project. The experiment results show that this approach could actively get insights of botnet hidden concept drift, and dynamically evolve to avoid model aging.

机译：如今，机器学习已被广泛用作僵尸网络检测系统中的核心组件。然而，机器学习算法的假设是底层僵尸网络数据分布对于训练和测试是稳定的，这容易受到精心设计的概念漂移攻击，例如Mimicry攻击，梯度下降攻击，中毒攻击等。在本文中，我们提出了一种积极和动态的学习方法来缓解僵尸网络隐藏概念漂移攻击。这种方法在性能开始退化之前，这种方法可以主动找到隐藏概念漂移攻击的隐藏概念漂移攻击的趋势。除了定期再培训外，这种方法可以动态重复重复预测特征，以跟踪潜在的概念漂移的趋势。我们在恶意软件捕获工具项目提供的公共CTU僵尸网络捕获上测试此方法。实验结果表明，这种方法可以积极地了解僵尸网络隐藏概念漂移的见解，并动态发展以避免模型老化。

著录项

来源
《International Conference on Information and Communications Security》|2018年|689p|共15页
会议地点
作者
Zhi Wang; Meiqi Tian; Chunfu Jia;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP309-53;
关键词
Malware; Botnet detection; Concept drift Model aging horizontal correlation;

机译：恶意软件;僵尸网络检测;概念漂移模型老化水平相关性;

相似文献

外文文献
中文文献
专利

1. A Novel Approach for Salt Dome Detection and Tracking using a Hybrid Hidden Markov Model with an Active Contour Model [J] . M. Deriche, Ahmed Abo absa, A. Amin, Journal of Electrical Systems . 2020,第3期

机译：一种新的盐圆顶检测和用活动轮廓模型使用混合隐马尔可夫模型进行跟踪的新方法
2. Wavelet-based Gaussian-mixture hidden Markov model for the detection of multistage seizure dynamics: A proof-of-concept study [J] . Alan WL Chiu, Miron Derchansky, Marija Cotic, BioMedical Engineering OnLine . 2011,第1期

机译：基于小波的高斯混合隐马尔可夫模型用于多阶段癫痫发作动态检测：概念验证研究
3. Dynamically updated diversified ensemble-based approach for handling concept drift [J] . Kanu GOEL, Shalini BATRA Turkish Journal of Electrical Engineering and Computer Sciences . 2020,第1期

机译：动态更新的基于多样化的概念漂移方法方法
4. An Active and Dynamic Botnet Detection Approach to Track Hidden Concept Drift [C] . Zhi Wang, Meiqi Tian, Chunfu Jia International conference on information and communications security . 2018

机译：一种主动和动态的僵尸网络检测方法来跟踪隐藏的概念漂移
5. Topic detection and tracking using Hidden Markov models [D] . Tatavarty, Aditya Sowmya 2011

机译：使用隐马尔可夫模型进行主题检测和跟踪
6. Wavelet-based Gaussian-mixture hidden Markov model for the detection of multistage seizure dynamics: A proof-of-concept study [O] . Alan WL Chiu, Miron Derchansky, Marija Cotic, 2011

机译：基于小波的高斯混合隐马尔可夫模型用于多阶段癫痫发作动态检测：概念验证研究
7. HIT Poster session 1P154Preclinical diastolic dysfunction is related to impaired endothelial function in patients with chronic kidney diseaseP155Early detection of left atrial and left ventricular abnormalities in hypertensive and obese womenP156Right ventricle preserved systolic function irrespective of right ventricular hypertrophy and disease severity in anderson fabry diseaseP157Left atrial volume and function in patients undergoing percutaneous mitral valve repairP158Impact of left ventricular dysfunction on outcomes of patients undergoing direct TAVI with a self-expanding bioprosthesisP159Anatomic Doppler spectrum – retrospective spectral tissue Doppler from ultra high frame rate tissue Doppler imaging for evaluation of tissue deformationP160Phasic dynamics of ischaemic mitral regurgitation after primary coronary intervention in acute myocardial infarction: serial echocardiographic assessment from emergency room to long-term follow-upP161Reproducibility of 3DE RV volumes - novel insights at a regional levelP162Pulmonary vascular capacitance as assessed by echocardiography in pulmonary arterial hypertensionP163Three-dimensional endocardial area strain: a novel parameter for quantitative assessment of global left ventricular systolic functionP164Role of exercise hemodynamics assessed by echocardiography on symptom reduction after MitraClipP165Early identification of ventricular dysfunction in patients with juvenile systemic sclerosisP166Heart failure with and without preserved ejection fraction - the role of biomarkers in the aspect of global longitudinal strainP167Complex systolic deformation of aortic root: insights from two dimensional speckle tracking imageP168Volumetric and deformational imaging usind 2d strain and 3d echocardiography in patients with pulmonary hypertensionP169Influence of pressure load and right ventricular morphology and function on tricuspid regurgitation in pulmonary arterial hypertensionP170Left ventricular myocardial diastolic deformation analysis by 2D speckle tracking echocardiography and relationship with conventional diastolic parameters in chronic aortic regurgitationP171Extracellular volume, and not native T1 time, distinguishes diffuse fibrosis in dilated or hypertrophic cardiomyopathy at 3TP172Left atrial strain is significantly reduced in arterial hypertensionP173Symptomatic severe secondary mitral regurgitation: LV enddiastolic diameter (LVEDD) as preferable parameter for risk stratificationP174Left ventricular mechanics in isolated left bundle branch block at rest and when exercising: exploration of the concept of conductive cardiomyopathyP175Assessment of myocardial scar by 2D contrast echocardiographyP176Chronic pericarditis - expression of a rare disease: Erdheim Chester diseaseP177Aortic arch mechanics with two-dimensional speckle tracking echocardiography to estimate the left ventricular remodelling in hypertensive patientsP178Strain analysis by tissue doppler imaging: comparison of conventional manual measurement with a semi-automated approachP179Distribution of extravascular lung water in heart failure patients assessed by lung ultrasoudP180Surrogate markers for obstructive coronary artery diseaseP181LA deformation and LV longitudinal strain by two-dimensional speckle tracking echocardiography as predictors of postoperative AF development after aortic valve replacement in ASP182Left ventricular diastolic dysfunction in type 2 diabetic patients with non alcoholic fatty liver diseaseP183Myocardial strain by speckle-tracking and evaluation of 3D ejection fraction in drug-induced cardiotoxicity's approach in breast cancer [O] . AB Gevaert, A Borizanova, F Graziani, 2015

机译：HIT墙报1P154Preclinical舒张功能障碍的慢性肾脏diseaseP155Early检测左心房的相关内皮功能受损，左心室异常，高血压和肥胖womenP156Right心室收缩功能正常，不论右心室肥厚和疾病严重程度在安德森法布里diseaseP157Left房容积和经皮二尖瓣修复患者的功能左心室功能障碍与自膨胀生物升降术患者患者患者的结果，来自超高帧速率组织多普勒成像的患者，用于评估缺血二尖瓣复发的组织变形P160平面动力学后在急性心肌梗死冠脉介入干预：从急诊室到三维超声心动图右心室体积的长期跟踪upP161Reproducibility串行超声心动图评价 - 小说由肺动脉高压肺动脉高压术中超声心动图评估的区域SEATP162玻璃血管电容的见解随着少年全身硬化肺源肌腱肌肤，无需保存的射血分数 - 生物标志物在全球纵向菌株的角色在全球纵向菌株P167比分中的一个主动脉根系中的内容：来自二维散斑跟踪Imagep168散热和变形成像的见解，肺高压患者患者患者患者肺动脉高压患者肺动脉高压肺动脉高压术治疗肺动脉高压术治疗的压力载荷和右心室形态和功能通过2D散斑跟踪超声心动图和与常规舒张性参数的关系分析慢性主动脉率高，而不是天然T1的时间，在3TP172LEFT心房菌株中区分扩张或肥厚性心肌病的扩散纤维化在动脉高压症中显着降低了，在动脉高压症P1173例，严重二次二尖瓣重新改善：LV EndDiaal直径（LVEDD）作为休息左侧束分支块中孤立的左束分支块的风险分层P11744444444444444445的概念：探讨了2D对比超声心动图176Chronic心包炎的心肌瘢痕的导电心肌病概念 - 表达罕见具有二维散斑跟踪超声心动图的力学来估算组织多普勒成像的高血压患者左心室重塑：常规人的比较通过半自动方法测量肺血管肺患者肺血管肺水分分布，由肺超声波180surrogalsp181LA变形和LV纵向应变通过二维散斑跟踪超声心动图作为术后AF的预测因子在ASP182LEFT中更换主动脉瓣膜置换后2型糖尿病患者的心室舒张功能障碍非酒精性脂肪肝病患者P183微囊菌株通过斑点跟踪和评估3D乳腺癌中的3D射血分数的评估
8. Multi-Resolution Hidden Markov Model for Optimal Detection, Tracking, Separation, and Classification of Marine Mammal Vocalizations [R] . Harrison, B. F., Baggenstoss, P. M. 2008

机译：用于海洋哺乳动物发声的最佳检测，跟踪，分离和分类的多分辨率隐马尔可夫模型

An Active and Dynamic Botnet Detection Approach to Track Hidden Concept Drift

摘要

著录项

相似文献

相关主题

期刊订阅