Abstract
This paper presents a self-adaptive system that keeps a corporate area network resilient in the presence of botnet cyberattacks. Resilience is ensured by adaptive reconfiguration of the network. The reconfiguration is driven by security scenarios, which are selected on the basis of a cluster analysis of gathered Internet traffic features that are characteristic of cyberattacks. To choose the required security scenario, the proposed method uses semi-supervised fuzzy c-means clustering. The objects of clustering are feature vectors whose elements may indicate the appearance of cyber threats in the corporate area network. The purpose of the technique is to choose the security scenarios that match the cyberattacks performed by botnets, in order to mitigate the attacks and ensure the network's resilient functioning.
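To make the clustering step concrete, the following is an added, self-contained illustration; it is not the paper's own code, and the paper's actual feature set, scenario catalogue, parameter values and reconfiguration actions are not reproduced on this page, so the ones below are assumptions. It implements the partial-supervision fuzzy c-means update of Pedrycz and Waletzky with fuzzifier m = 2, trains it on a few constructed per-host traffic feature windows of which an analyst has labelled one per scenario, and then maps the highest cluster membership of a fresh feature vector to a security scenario, escalating instead of reconfiguring when no cluster wins by a clear margin.

```python
"""Semi-supervised fuzzy c-means for choosing a security scenario from traffic features.

Added illustration, not the paper's code. Feature set, scenario catalogue, sample
values, reconfiguration actions and alpha are constructed assumptions; the update
rules follow the partial-supervision FCM of Pedrycz and Waletzky with fuzzifier m = 2.
"""
from typing import Dict, List, Sequence, Tuple

Vector = List[float]

# Assumed per-host features for one observation window:
# [packets/s, SYN-to-total packet ratio, distinct destination ports, mean HTTP connection lifetime (s)]
FEATURES = ["pkts_per_s", "syn_ratio", "distinct_dst_ports", "mean_http_conn_s"]
SCENARIOS = ["normal", "syn_flood", "slow_http"]   # assumed catalogue; cluster i <-> SCENARIOS[i]
ACTIONS = {                                       # assumed reconfiguration behind each scenario
    "normal": "keep the current configuration",
    "syn_flood": "enable SYN cookies and rate-limit the offending sources at the edge router",
    "slow_http": "shorten HTTP header/body timeouts and cap connections per source at the proxy",
    "escalate": "no cluster wins clearly: hold reconfiguration and alert an analyst",
}
# Constructed training windows (not measured data).
SAMPLES: List[Vector] = [
    [120.0, 0.05, 4, 2.0], [150.0, 0.06, 5, 1.5], [90.0, 0.04, 3, 2.5], [200.0, 0.07, 6, 1.8],  # benign
    [9000.0, 0.95, 300, 0.1], [12000.0, 0.97, 450, 0.1], [8000.0, 0.90, 280, 0.2],             # SYN flood
    [30.0, 0.03, 2, 240.0], [25.0, 0.02, 1, 300.0], [40.0, 0.04, 2, 180.0],                    # slow HTTP
]
# Partial supervision: one analyst-labelled exemplar per scenario; the other windows are unlabelled.
LABELS: Dict[int, str] = {0: "normal", 4: "syn_flood", 7: "slow_http"}


def fit_minmax(X: Sequence[Vector]) -> List[Tuple[float, float]]:
    """Per-feature (min, max): features on very different scales must get equal weight."""
    return [(min(col), max(col)) for col in zip(*X)]


def scale(x: Vector, ranges: Sequence[Tuple[float, float]]) -> Vector:
    return [(v - lo) / (hi - lo) if hi > lo else 0.0 for v, (lo, hi) in zip(x, ranges)]


def dist2(a: Vector, b: Vector) -> float:
    return sum((p - q) ** 2 for p, q in zip(a, b))


def memberships(x: Vector, centers: Sequence[Vector]) -> List[float]:
    """Plain FCM memberships (m = 2) of one vector against fixed prototypes."""
    d2 = [dist2(x, v) for v in centers]
    if min(d2) == 0.0:                            # sitting on a prototype: crisp membership
        return [1.0 if d == 0.0 else 0.0 for d in d2]
    inv = [1.0 / d for d in d2]
    s = sum(inv)
    return [w / s for w in inv]


def ssfcm(X, labels: Dict[int, int], c: int, alpha: float = 1.0, iters: int = 200, tol: float = 1e-9):
    """Pedrycz-Waletzky partially supervised FCM, m = 2.

    labels maps sample index -> cluster index for the labelled subset; alpha weighs how strongly
    labelled samples pull memberships and prototypes towards their label.
    Returns (prototypes, membership matrix U[k][i]).
    """
    n, dim = len(X), len(X[0])
    b = [1.0 if k in labels else 0.0 for k in range(n)]                                # labelled flag
    f = [[1.0 if labels.get(k) == i else 0.0 for i in range(c)] for k in range(n)]     # label memberships
    centers = []   # initialise each prototype from its labelled exemplars, so cluster i means SCENARIOS[i]
    for i in range(c):
        ex = [X[k] for k in range(n) if b[k] and f[k][i] == 1.0]
        if not ex:
            raise ValueError(f"cluster {i} has no labelled exemplar")
        centers.append([sum(col) / len(col) for col in zip(*ex)])
    U: List[List[float]] = []
    for _ in range(iters):
        U = []
        for k, x in enumerate(X):
            d2 = [dist2(x, v) for v in centers]
            if min(d2) == 0.0:
                U.append([1.0 if d == 0.0 else 0.0 for d in d2])
                continue
            inv = [1.0 / d for d in d2]
            s = sum(inv)
            gain = 1.0 + alpha * (1.0 - b[k] * sum(f[k]))   # 1 + alpha for unlabelled rows, 1 for labelled
            U.append([((inv[i] / s) * gain + alpha * b[k] * f[k][i]) / (1.0 + alpha) for i in range(c)])
        new_centers = []
        for i in range(c):
            w = [U[k][i] ** 2 + alpha * (U[k][i] - b[k] * f[k][i]) ** 2 for k in range(n)]
            tot = sum(w)
            new_centers.append([sum(w[k] * X[k][j] for k in range(n)) / tot for j in range(dim)])
        shift = max(dist2(v, nv) for v, nv in zip(centers, new_centers))
        centers = new_centers
        if shift < tol:
            break
    return centers, U


class ScenarioSelector:
    """Trains on the partially labelled windows, then maps a fresh feature vector to a scenario."""

    def __init__(self, samples, labels, scenarios, alpha=1.0, min_membership=0.5):
        self.scenarios, self.min_membership = list(scenarios), min_membership
        self.ranges = fit_minmax(samples)
        idx = {k: self.scenarios.index(name) for k, name in labels.items()}
        self.centers, self.train_u = ssfcm([scale(x, self.ranges) for x in samples], idx, len(scenarios), alpha)

    def select(self, x: Vector) -> Tuple[str, float]:
        u = memberships(scale(x, self.ranges), self.centers)
        best = max(range(len(u)), key=u.__getitem__)
        if u[best] < self.min_membership:        # no clear winner: never reconfigure on a guess
            return "escalate", u[best]
        return self.scenarios[best], u[best]


if __name__ == "__main__":
    sel = ScenarioSelector(SAMPLES, LABELS, SCENARIOS)
    for probe in ([10000.0, 0.96, 350, 0.1], [20.0, 0.02, 1, 260.0], [4000.0, 0.5, 150, 100.0]):
        name, u = sel.select(probe)
        print(f"{probe} -> {name} (membership {u:.2f}): {ACTIONS[name]}")
```

Two design points matter in practice: the prototypes are seeded from the labelled exemplars so that cluster indices keep a fixed meaning across retraining, and a fresh window whose best membership falls below the threshold is escalated rather than acted on, since a reconfiguration triggered by an ambiguous cluster assignment is itself a way for an attacker to degrade the network.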
Acknowledgments
We thank Khmelnytskyi National University for providing access to its local network for the experimental research.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Lysenko, S., Savenko, O., Bobrovnikova, K., Kryshchuk, A. (2018). Self-adaptive System for the Corporate Area Network Resilience in the Presence of Botnet Cyberattacks. In: Gaj, P., Sawicki, M., Suchacka, G., Kwiecień, A. (eds) Computer Networks. CN 2018. Communications in Computer and Information Science, vol 860. Springer, Cham. https://doi.org/10.1007/978-3-319-92459-5_31
DOI: https://doi.org/10.1007/978-3-319-92459-5_31
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-92458-8
Online ISBN: 978-3-319-92459-5
eBook Packages: Computer Science (R0)