Publication:
A novel Machine Learning-based approach for the detection of SSH botnet infection

dc.contributor.authorMartínez Garre, José Tomás
dc.contributor.authorGil Pérez, Manuel
dc.contributor.authorRuiz-Martínez, Antonio
dc.contributor.departmentIngeniería de la Información y las Comunicaciones
dc.date.accessioned2024-02-06T07:53:56Z
dc.date.available2024-02-06T07:53:56Z
dc.date.issued2021-02
dc.description.abstractBotnets are causing severe damages to users, companies, and governments through information theft, abuse of online services, DDoS attacks, etc. Although significant research is being made to detect them and mitigate their effect, they are exponentially increasing due to new zero-day attacks, a variation of their behavior, and obfuscation techniques. High Interaction Honeypots (HIH) are the only honeypots able to capture attacks and log all the information generated by attackers when setting up a botnet. The data generated is being processed using Machine Learning (ML) techniques for detection since they can detect hidden patterns. However, so far, research has been focused on intermediate phases of the botnet’s life cycle during operation, underestimating the initial phase of infection. To the best of our knowledge, this is the first solution in the infection phase of SSH-based botnets. Therefore, we have designed an approach based on an SSH-based HIH to generate a dataset consisting of executed commands and network information. Herein, we have applied ML techniques for the development of a real-time detection model. This approach reached a very high level of prediction and zero false negatives. Indeed, our system detected all known and unknown SSH sessions intended to infect our honeypots. Thus, our research has demonstrated that new SSH infections can be detected through ML techniques.es
dc.formatapplication/pdfes
dc.identifier.citationFuture Generation Computer Systems Volume 115, February 2021, Pages 387-396
dc.identifier.doi10.1016/j.future.2020.09.004
dc.identifier.issn0167-739X
dc.identifier.issn1872-7115 (electrónico)
dc.identifier.urihttp://hdl.handle.net/10201/138682
dc.languageenges
dc.relationThis work has been supported by the Spanish Ministry of Science, Innovation and Universities, FEDER funds, under grant numbers RTI2018-095855-B-I00 and TIN2017-86885-R, the European Commission Horizon 2020 Programme under grant agreement number H2020-SU-DS-2019/883335 - PALANTIR (Practical Autonomous Cyberhealth for resilient SMEs & Microenterprises), and the European Commission (FEDER/ERDF)es
dc.rightsAttribution-NonCommercial-NoDerivates 4.0 International
dc.rights.accessRightsinfo:eu-repo/semantics/openAccess
dc.rights.urihttp://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subjectBotnet
dc.subjectMachine learning
dc.subjectZero-day malware
dc.subjectHoneypot
dc.subjectHigh interaction
dc.titleA novel Machine Learning-based approach for the detection of SSH botnet infectiones
dc.typeinfo:eu-repo/semantics/articlees
dspace.entity.typePublicationes
Files
Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
P02-FGCS_accepted manuscript-digitum.pdf
Size:
606.26 KB
Format:
Adobe Portable Document Format
Description:
License bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
2.26 KB
Format:
Item-specific license agreed upon to submission
Description:
Collections