Network Anomaly Detection Based on Artificial Intelligence


Ontology type: schema:Chapter     


Chapter Info

DATE

2018-11-11

AUTHORS

Chia-Mei Chen , Wen-Ling Lo , Gu-Hsin Lai , Yu-Chen Hu

ABSTRACT

The cyber kill chain consists of the following stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives. Based on the kill chain framework, identifying botnets is critical for defending against cyber attacks. Bot masters control the botnet through command and control servers; they often adopt the most commonly used communication channels, such as web connections, in order to blend malicious communication messages into massive normal traffic and so evade detection. By analyzing malicious and normal traffic, this study discovered anomalous network patterns. Botnet connections exhibit some similar behaviors which are not possessed by normal traffic. This study develops an anomaly score function to represent the anomalies and proposes a network anomaly detection method based on an ant colony optimization algorithm and a clustering algorithm. The experimental results show that the proposed anomaly detection method identifies botnets efficiently.

PAGES

191-195

Book

TITLE

Recent Advances in Intelligent Information Hiding and Multimedia Signal Processing

ISBN

978-3-030-03747-5
978-3-030-03748-2

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-030-03748-2_23

DOI

http://dx.doi.org/10.1007/978-3-030-03748-2_23

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1109848656



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0806", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information Systems", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "National Sun Yat-sen University", 
          "id": "https://www.grid.ac/institutes/grid.412036.2", 
          "name": [
            "Department of Information Management, National Sun Yat-sen University, Kaohsiung, Taiwan"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Chen", 
        "givenName": "Chia-Mei", 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "National Sun Yat-sen University", 
          "id": "https://www.grid.ac/institutes/grid.412036.2", 
          "name": [
            "Department of Information Management, National Sun Yat-sen University, Kaohsiung, Taiwan"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lo", 
        "givenName": "Wen-Ling", 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "name": [
            "Department of Technology Crime Investigation, Taiwan Police College, Taipei, Taiwan"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Lai", 
        "givenName": "Gu-Hsin", 
        "id": "sg:person.014772053473.91", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.014772053473.91"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Providence University", 
          "id": "https://www.grid.ac/institutes/grid.412550.7", 
          "name": [
            "Department of Computer Science and Information Management, Providence University, Taichung, Taiwan"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Hu", 
        "givenName": "Yu-Chen", 
        "id": "sg:person.012113441135.19", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.012113441135.19"
        ], 
        "type": "Person"
      }
    ], 
    "citation": [
      {
        "id": "https://doi.org/10.1016/j.eswa.2007.06.034", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1015727614"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/1090191.1080118", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1063150895"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/icicic.2009.127", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093384185"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/icpads.2011.11", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1094614458"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/wicom.2012.6478491", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1094716439"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/icc.2007.1020", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1094757289"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/iccee.2009.151", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1095389004"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/sectech.2008.52", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1095762025"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/malware.2012.6461004", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1095798400"
        ], 
        "type": "CreativeWork"
      }
    ], 
    "datePublished": "2018-11-11", 
    "datePublishedReg": "2018-11-11", 
    "description": "The cyber kill chain consists of the following stages: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), actions on objectives. Based on the kill chain framework, identifying botnets is critical for defensing cyber attacks. Bot masters control the botnet through command and control servers; they often adopt the most commonly used communication channel such as through web connection in order to blend in malicious communication messages into massive normal traffic for detection evasion purpose. By analyzing malicious and normal traffic, this study discovered the network anomalous patterns. Botnet connections exhibit some similarity behaviors which are not possessed by normal traffic. This study develops an anomaly score function to represent the anomalies and proposes a network anomaly detection method based on ant colony optimization algorithm and clustering algorithm. The experimental results show that the proposed anomaly detection method identifies botnets efficiently.", 
    "editor": [
      {
        "familyName": "Pan", 
        "givenName": "Jeng-Shyang", 
        "type": "Person"
      }, 
      {
        "familyName": "Ito", 
        "givenName": "Akinori", 
        "type": "Person"
      }, 
      {
        "familyName": "Tsai", 
        "givenName": "Pei-Wei", 
        "type": "Person"
      }, 
      {
        "familyName": "Jain", 
        "givenName": "Lakhmi C.", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-030-03748-2_23", 
    "inLanguage": [
      "en"
    ], 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-030-03747-5", 
        "978-3-030-03748-2"
      ], 
      "name": "Recent Advances in Intelligent Information Hiding and Multimedia Signal Processing", 
      "type": "Book"
    }, 
    "name": "Network Anomaly Detection Based on Artificial Intelligence", 
    "pagination": "191-195", 
    "productId": [
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-030-03748-2_23"
        ]
      }, 
      {
        "name": "readcube_id", 
        "type": "PropertyValue", 
        "value": [
          "575811629b7c180212f487ed1542ff68cc713325f5b8cf03d637e990cae50886"
        ]
      }, 
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1109848656"
        ]
      }
    ], 
    "publisher": {
      "location": "Cham", 
      "name": "Springer International Publishing", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-030-03748-2_23", 
      "https://app.dimensions.ai/details/publication/pub.1109848656"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2019-04-16T04:41", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-uberresearch-data-dimensions-target-20181106-alternative/cleanup/v134/2549eaecd7973599484d7c17b260dba0a4ecb94b/merge/v9/a6c9fde33151104705d4d7ff012ea9563521a3ce/jats-lookup/v90/0000000322_0000000322/records_65024_00000000.jsonl", 
    "type": "Chapter", 
    "url": "https://link.springer.com/10.1007%2F978-3-030-03748-2_23"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-03748-2_23'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-03748-2_23'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-03748-2_23'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-030-03748-2_23'


 

This table displays all metadata directly associated to this object as RDF triples.

131 TRIPLES      23 PREDICATES      35 URIs      19 LITERALS      8 BLANK NODES

 



