A Deep Learning-Based Approach for Mimicking Network Topologies: The Neris Botnet as a Case of Study

  • Conference paper

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 532)

Abstract

The number of devices connected to the Internet grows every year, putting almost everything in touch. However, this scenario increases the probability that systems and communications suffer security attacks, since the attack surface increases proportionally. To counteract security attacks and threats, Network Intrusion Detection Systems (NIDSs) are among the most widely used security defenses today. They rely on predefined datasets for their training and evaluation. However, the inner characteristics of those datasets directly affect the robustness, reliability and performance of NIDSs. In this work, we propose the use of a Variational Autoencoder (VAE) to accurately generate network topologies. To that end, we treat IP addresses as categorical information in order to generate them. Previous works avoid using IPs when generating synthetic network samples, thus losing contextual information relevant to NIDSs. Results show the feasibility of the proposed system for mimicking the Neris botnet behavior and characterizing its node roles.

Acknowledgments

This work has been partially funded by the SICRAC project (PID2020-114495RB-I00) of the Ministerio de Ciencia, Innovación y Universidades, as well as the projects PID2020-113462RB-I00 (ANIMALICOS), funded by the Ministerio de Economía y Competitividad, P18-RT-4830 and A-TIC-608-UGR20 funded by Junta de Andalucía, and the project B-TIC-402-UGR18 (FEDER and Junta de Andalucía).

Corresponding author

Correspondence to Francisco Álvarez-Terribas.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Álvarez-Terribas, F., Magán-Carrión, R., Maciá-Fernández, G., Mora García, A.M. (2023). A Deep Learning-Based Approach for Mimicking Network Topologies: The Neris Botnet as a Case of Study. In: García Bringas, P., et al. International Joint Conference 15th International Conference on Computational Intelligence in Security for Information Systems (CISIS 2022) 13th International Conference on EUropean Transnational Education (ICEUTE 2022). CISIS ICEUTE 2022 2022. Lecture Notes in Networks and Systems, vol 532. Springer, Cham. https://doi.org/10.1007/978-3-031-18409-3_19
