Botnet traffic detection using RPCA and Mahalanobis Distance

Bibliographic Details
Published in: 2019 Workshop on Communication Networks and Power Systems (WCNPS), pp. 1-6
Main Authors: Vilaca, Eduardo S. C.; Vieira, Thiago P. B.; de Sousa, Rafael T.; da Costa, Joao Paulo C. L.
Format: Conference Proceeding
Language: English
Published: IEEE 01.10.2019
Summary: The botnet attack method comprises a network of devices infected by malware. After the infection, they start to be controlled by a botmaster to perform malicious operations. Because of the high traffic of packets, it is challenging for network administrators to monitor the logs to detect those attacks. Therefore, this work proposes a semi-supervised machine learning model intending to identify anomalies on network traffic to detect potential attacks in an automated way. The proposed technique is named RPCA-MD, which applies Robust Principal Component Analysis (RPCA) and Mahalanobis Distance.
DOI: 10.1109/WCNPS.2019.8896228