Upload File

1 joseph ghafari artificial neural networks botnet detection for stéphane sénécal, emmanuel...

  • Home
  • Documents
  • 1 Joseph Ghafari Artificial Neural Networks Botnet detection for Stéphane Sénécal, Emmanuel Herbert
48
1 Joseph Ghafari tificial Neural Netwo Botnet detection for Stéphane Sénécal, Emmanuel Herbert

Upload: sandra-crooke

Post on 01-Apr-2015

218 views

Category:

Documents


1 download

Report

TRANSCRIPT

  • Slide 1

1 Joseph Ghafari Artificial Neural Networks Botnet detection for Stphane Sncal, Emmanuel Herbert Slide 2 Figures Botnets Neurons Results Conclusion 2 Slide 3 3 Figures Botnets Neurons Results Conclusion BotBotnetDNS Neural NetworkMLPELM ConfigurationResults ConclusionWhat now Facts & FiguresFinancial impact Slide 4 4 Figures Botnets Neurons Results Conclusion Slide 5 Facts & Figures about Botnets 5 Figures Botnets Neurons Results Conclusion 88% of all spam 77 spam / min (200B spam / day) / bot! Slide 6 Facts & Figures about Botnets 6 Figures Botnets Neurons Results Conclusion 150,000 bots / day Bredolab: 30M bots Slide 7 Financial impact 7 Figures Botnets Neurons Results Conclusion 6 banks robbed 200 accounts hacked $ 4,7M stolen Slide 8 Financial impact 8 Figures Botnets Neurons Results Conclusion 140 M clicks / day $ 900 K / day Slide 9 9 Figures Neurons Results Conclusion Botnets Slide 10 10 Figures Results Conclusion Neurons Botnets Bot - Infection Slide 11 11 Figures Results Conclusion Neurons Botnets Bot Propagation Slide 12 12 Figures Results Conclusion Neurons Botnets Bot Propagation 24h340,000 infections Slide 13 13 Figures Results Conclusion Neurons Botnets Botnets - Etymologie BotNet RobotNetwork Slide 14 14 Figures Results Conclusion Neurons Botnets Botnets - Etymologie C&C Slide 15 15 Figures Results Conclusion Neurons Botnets Botnets Control structure C&C Slide 16 16 Figures Results Conclusion Neurons Botnets Botnets Clients C&C Slide 17 17 Figures Results Conclusion Neurons Botnets Botnets Spam Slide 18 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 18 Figures Results Conclusion Neurons Botnets Botnets DDoS Attacks Slide 19 19 Figures Results Conclusion Neurons Botnets Botnets DDoS Attacks Slide 20 20 Figures Results Conclusion Neurons Botnets Botnets DDoS Attacks Slide 21 21 Figures Results Conclusion Neurons Botnets Notions - Internet Slide 22 22 Figures Results Conclusion Neurons Botnets Notions - Internet 47.12.101.3 12.1.40.8 31.28.150.102 116.4.92.50 Slide 23 23 Figures Results Conclusion Neurons Botnets Notions - Internet 47.12.101.3 12.1.40.8 31.28.150.102 116.4.92.50 Slide 24 24 Figures Results Conclusion Neurons Botnets Notions - Internet bbc.co.uk www.emn.fr www.orange.fr www.google.com Slide 25 25 Figures Results Conclusion Neurons Botnets DNS How it works www.emn.fr O se trouve www.emn.fr ? 12.1.40.8 Slide 26 26 Figures Results Conclusion Neurons Botnets Botnets & DNS C&C DNS 40.101.12.3 O se trouve www.todaysfutbol.com ? 40.101.12.3 www.todaysfutbol.com Slide 27 27 Figures Results Conclusion Neurons Botnets DNS Data DNS Q R Slide 28 28 Figures Results Conclusion Neurons Botnets Problem Botnet ? Slide 29 29 Figures Results Conclusion Neurons Botnets Aim Botnet Lgitime Slide 30 30 Figures Results Conclusion Botnets Neurons Slide 31 31 Figures Results Conclusion Neurons Botnets A neuron Slide 32 32 Figures Results Conclusion Neurons Botnets The artificial neuron Slide 33 33 Figures Results Conclusion Neurons Botnets Neural network Slide 34 34 Figures Results Conclusion Neurons Botnets Artificial neural network Slide 35 35 Figures Results Conclusion Neurons Botnets Artificial neural network Botnet Normal Slide 36 36 Figures Results Conclusion Neurons Botnets Multi-Layer Perceptron (MLP) Slide 37 37 Figures Results Conclusion Neurons Botnets Multi-Layer Perceptron (MLP) Slide 38 38 Figures Results Conclusion Neurons Botnets MLP Step 1 Propagation Slide 39 39 Figures Results Conclusion Neurons Botnets MLP Step 2 Computing the error Slide 40 40 Figures Results Conclusion Neurons Botnets MLP Step 3 Error Back-propagation Slide 41 41 Figures Results Conclusion Neurons Botnets MLP Example Slide 42 42 Figures Results Conclusion Neurons Botnets Extreme Learning Machine (ELM) Dsquilibre des donnes Superposition de classes Contrainte Temps rel Slide 43 43 Figures Results Conclusion Neurons Botnets Extreme Learning Machine (ELM) Slide 44 44 Figures Results Conclusion Neurons Botnets Extreme Learning Machine (ELM) Slide 45 45 Figures Results Conclusion Neurons Botnets ELM Step 1 Slide 46 46 Figures Results Conclusion Neurons Botnets ELM Phase 2 Propagation Slide 47 47 Figures Results Conclusion Neurons Botnets ELM Phase 3 Slide 48 48 Figures Results Conclusion Neurons Botnets ELM Example Slide 49 49 Figures Results Conclusion Neurons Botnets MLP ELM MLP ELM Simple Deep Learning speed Hyper parameters Shalow Hyper parameters Understanding Slide 50 50 Figures Botnets Results Neurons Conclusion Slide 51 51 Figures Botnets Results Neurons Conclusion Procedure About 10,000 input cases1 1000 neurons512 feature combinations tested 2/3learning set 1/3validation set Slide 52 52 Figures Botnets Results Neurons Conclusion Results Optimal feature set Hour of the query TTL (Time To Live) Errors during query process Slide 53 53 Figures Botnets Results Neurons Conclusion Results Confusion Matrix Predicted Expected Botnet Legitimate Botnet 1719 251660 1551874 1685 181517443559 Slide 54 54 Figures Botnets Results Neurons Conclusion Results Measures Precision = 0,92 Recall = 0,99 Accuracy = 94,94 % (Error rate = 5,06 %) False Positives = 8,5 % (4,36 % total) False Negatives = 1,4 % (0,7 % total) Slide 55 55 Figures Botnets Neurons Conclusion Results Slide 56 56 Figures Botnets Neurons Conclusion Results Conclusion Fast learning Online/Batch possible Good performances Not enough dataHighly heterogeneous data Slide 57 57 Figures Botnets Neurons Conclusion Results What now Gather more data Use the lists instead of statistical values for distributions Take advantage of non numeric data (IP address, Query ID, ) Slide 58 58 Figures Botnets Neurons Conclusion Results Slide 59


Sounds Like Botnet

BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt ... · IoT Botnet of High-Wattage Devices Smart appliances’ power usage The Mirai botnet →600,000 bots A Mirai sized botnet

Botnet Dection system. Introduction Botnet problem Challenges for botnet detection

Botnet for dummies

Botnet Infiltration

Gorynch botnet

Botnetler Ve Tehdit Gözetleme Sistemiulakbim.tubitak.gov.tr/sites/images/Ulakbim/tehditgozetlemesistemi... · Your Botnet is My Botnet : Analysis of a Botnet Takeover. Security

Ehsan Ghafari, Seyedali Ghahari, Yining Feng Na … Guest...Ehsan Ghafari, Seyedali Ghahari, Yining Feng Na (Luna) ... Journal of Applied Physics Reviews, Vol. 1, ... and electric

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09_botnet.pdf · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett ... (such as bank account

Présentation botnet u_laval

Botnet slide

Infostealer Botnet Reveal

What is botnet?

Joseph Ghafari

Botnet Tutorial

Your Botnet is My Botnet: Analysis of a Botnet Takeoverchris/research/doc/ccs09... · 2020-06-06 · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco

רשתות BOTNET

Grant proposal 2011 By: Aneta Braam, Kristina Ghafari ... · Grant proposal 2011 By: Aneta Braam, Kristina Ghafari, Jennifer Mitchell, Crystal Meyers Framingham State University

Spamhaus Botnet Threat Report 2019 - Amazon Web Services...Malware associated with botnet C&Cs in 2018 5 ... SPAMHAUS BOTNET THREAT REPORT 2019. Welcome to the Spamhaus Botnet Threat

Botnet ppt

Your Botnet is My Botnet: Analysis of a Botnet Takeover

Mirai botnet

Botnet Classification

Shuabang Botnet

Your Botnet is My Botnet : Analysis of a Botnet Takeover

LE CAS DU BASSIN DU JOURDAIN 1 Alexandre GHAFARI Octobre 2009

Improve DDoS Botnet Tracking With Honeypots - …...DDoS botnet tracking •It’s aimed to learn botnet assisted DDoS attacks –4w: who is being attacked by what botnet families

Your Botnet is My Botnet: Analysis of a Botnet Takeover · Your Botnet is My Botnet: Analysis of a Botnet Takeover Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin

Anatomy of a Botnet - تواناAnatomy of a Botnet 1 Executive Summary ... Fueled by innovations like do-it-yourself botnet construction kits and rent-a-botnet business models, the

Botnet and Worms

Botnet detection using correlated anomalies · deals with machine learning techniques and algorithms used for training botnet ... Botnet detection faces a number of ... Botnet detection

Paper Presentation - "Your Botnet is my Botnet : Analysis of a Botnet Takeover"

Tracing Botnet in Taiwan - FIRST Botnet Analysis Module (BAM) – C&C Tracer – Botnet Tracer The Botnet in Taiwan – Case Study Ⅰ IRC Botnet ... Tracing Botnet in Taiwan Author:

introduction to Botnet

Conficker Botnet