Loading [a11y]/accessibility-menu.js
HBGraph: a Host Behavior Graph Model for C&C Traffic Detection | IEEE Conference Publication | IEEE Xplore

HBGraph: a Host Behavior Graph Model for C&C Traffic Detection


Abstract:

The command and control (C&C) mechanism is the key to realizing many network attack activities. Most available C&C traffic detection methods rely on machine learning. How...Show More

Abstract:

The command and control (C&C) mechanism is the key to realizing many network attack activities. Most available C&C traffic detection methods rely on machine learning. However, the methods often detect specific attacks and struggle to adapt to the complex needs of real-world network traffic environments due to high training costs and limited transferability. To address the problems, we propose a C&C communication traffic detection model called HBGraph, a host behavior graph model based on directed packet payload length sequences. The model can preprocess the original traffic datasets, extract directed payload length sequences, and then integrate them into weighted directed graphs that represent different host communication behaviors. We also propose a method of merging graphs with the same label. In HBGraph, we measure the similarity between the unknown instance and the signature with both node and edge similarity scores. Finally, the model can predict whether the unknown test instance belongs to the C&C communication traffic. After experimental evaluation, we prove that our model has good performance, strong generalizability, and detection ability for C&C communication behaviors.
Date of Conference: 08-10 May 2024
Date Added to IEEE Xplore: 10 July 2024
ISBN Information:

ISSN Information:

Conference Location: Tianjin, China

Funding Agency:


References

References is not available for this document.