Botnet Detection in Software Defined Networks by Deep Learning Techniques

  • Conference paper
Cyberspace Safety and Security (CSS 2018)

Abstract

Botnets are nowadays one of the most widespread and dangerous kinds of malware on the Internet, so their detection is a very important task. However, many works in this field exploit general malware detection techniques and rely on old or biased traffic samples, which makes their results not completely reliable. Moreover, software-defined networking (SDN), which is increasingly replacing conventional networking, drastically limits the number of features that can be extracted from the network traffic and therefore used to detect botnets. In this paper we propose a novel botnet-specific detection methodology based on deep learning techniques, which has been tested on a new, SDN-specific dataset and reached a very high (up to 96%) traffic classification accuracy. Our algorithms have been implemented on two state-of-the-art frameworks, i.e., Keras and TensorFlow, so we are confident that our experimental results are reliable and easily reproducible.

This work was partially supported by the Cyber Trainer project (POR FESR Abruzzo 2014–2020).



Author information

Corresponding author

Correspondence to Giuseppe Della Penna.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Letteri, I., Della Penna, G., De Gasperis, G. (2018). Botnet Detection in Software Defined Networks by Deep Learning Techniques. In: Castiglione, A., Pop, F., Ficco, M., Palmieri, F. (eds) Cyberspace Safety and Security. CSS 2018. Lecture Notes in Computer Science, vol 11161. Springer, Cham. https://doi.org/10.1007/978-3-030-01689-0_4

  • DOI: https://doi.org/10.1007/978-3-030-01689-0_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01688-3

  • Online ISBN: 978-3-030-01689-0

  • eBook Packages: Computer Science (R0)
