Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.11851/6233
Full metadata record
DC FieldValueLanguage
dc.contributor.authorHaltas, Fatih-
dc.contributor.authorUzun, Erkam-
dc.contributor.authorSiseci, Necati-
dc.contributor.authorPosul, Abdulkadir-
dc.contributor.authorEmre, Bakır-
dc.date.accessioned2021-09-11T15:35:24Z-
dc.date.available2021-09-11T15:35:24Z-
dc.date.issued2014en_US
dc.identifier.citation6th International Conference on Cyber Conflict (CyCon) -- JUN 03-06, 2014 -- Tallinn, ESTONIAen_US
dc.identifier.isbn978-9949-9544-0-7-
dc.identifier.issn2325-5366-
dc.identifier.urihttps://hdl.handle.net/20.500.11851/6233-
dc.description.abstractOne of the purposes of active cyber defense systems is identifying infected machines in enterprise networks that are presumably root cause and main agent of various cyber-attacks. To achieve this, researchers have suggested many detection systems that rely on host-monitoring techniques and require deep packet inspection or which are trained by malware samples by applying machine learning and clustering techniques. To our knowledge, most approaches are either lack of being deployed easily to real enterprise networks, because of practicability of their training system which is supposed to be trained by malware samples or dependent to host-based or deep packet inspection analysis which requires a big amount of storage capacity for an enterprise. Beside this, honeypot systems are mostly used to collect malware samples for analysis purposes and identify coining attacks. Rather than keeping experimental results of hot detection techniques as theory and using honeypots for only analysis purposes, in this paper, we present a novel automated hot-infected machine detection system BFH (BotFinder through Honeypots), based on BotFinder, that identifies infected hosts in a real enterprise network by learning approach. Our solution, relies on NetFlow data, is capable of detecting hots which are infected by most-recent malwares whose samples are caught via 97 different honeypot systems. We train BFH by created models, according to malware samples, provided and updated by 97 honeypot systems. BFH system automatically sends caught malwares to classification unit to construct family groups. Later, samples are automatically given to training unit for modeling and perform detection over Net Flow data. Results are double checked by using full packet capture of a month and through tools that identify rogue domains. Our results show that BFH is able to detect infected hosts with very few false-positive rates and successful on handling most-recent malware families since it is fed by 97 Honey pot and it supports large networks with scalability of Hadoop infrastructure, as deployed in a large-scale enterprise network in Turkey.en_US
dc.description.sponsorshipIEEE, NATO Cooperat Cyber Def Ctr Excellence, Microsoft, Verint, Intel, Cisco, Lancope, Ixia, IBMen_US
dc.description.sponsorshipScientific and Technological Research Council of Turkey (TUBITAK)Turkiye Bilimsel ve Teknolojik Arastirma Kurumu (TUBITAK)en_US
dc.description.sponsorshipThis work was an extension of European Union SysSec project and it is funded by The Scientific and Technological Research Council of Turkey (TUBITAK).en_US
dc.language.isoenen_US
dc.publisherIEEEen_US
dc.relation.ispartof2014 6Th International Conference On Cyber Conflict (Cycon 2014)en_US
dc.rightsinfo:eu-repo/semantics/closedAccessen_US
dc.subjectBotneten_US
dc.subjecthoneypots NetFlow analysisen_US
dc.subjectmachine learningen_US
dc.titleAn Automated Bot Detection System Through Honeypots for Large-Scaleen_US
dc.typeConference Objecten_US
dc.relation.ispartofseriesInternational Conference on Cyber Conflicten_US
dc.departmentFaculties, Faculty of Engineering, Department of Computer Engineeringen_US
dc.departmentFakülteler, Mühendislik Fakültesi, Bilgisayar Mühendisliği Bölümütr_TR
dc.identifier.startpage255en_US
dc.identifier.endpage+en_US
dc.authorid0000-0001-5185-7723-
dc.identifier.wosWOS:000349046200017en_US
dc.identifier.scopus2-s2.0-84907921227en_US
dc.institutionauthorUzun, Erkam-
dc.relation.publicationcategoryKonferans Öğesi - Uluslararası - Kurum Öğretim Elemanıen_US
dc.relation.conference6th International Conference on Cyber Conflict (CyCon)en_US
dc.identifier.scopusquality--
item.openairetypeConference Object-
item.languageiso639-1en-
item.grantfulltextnone-
item.fulltextNo Fulltext-
item.openairecristypehttp://purl.org/coar/resource_type/c_18cf-
item.cerifentitytypePublications-
Appears in Collections:Bilgisayar Mühendisliği Bölümü / Department of Computer Engineering
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection
Show simple item record



CORE Recommender

WEB OF SCIENCETM
Citations

6
checked on Aug 31, 2024

Page view(s)

54
checked on Dec 23, 2024

Google ScholarTM

Check




Altmetric


Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.