Botnet Attack Detection Using A Hybrid Supervised Fast-Flux Killer System

Authors

  • Ahmad Al-Nawasrah Information and Communication Technology College, British University of Bahrain
  • Ammar Almomani IT-department, Al-Huson University College, Al-Balqa Applied University, P. O. Box 50, Irbid, Jordan and Research and Innovation department, Skyline University College, Sharjah P.O. Box 1797, United Arab Emirates
  • Huthaifa A. Al_Issa Electrical and Electronics Engineering Department, Al-Huson University College, Al Balqa Applied University, Jordan
  • Khalid Alissa Saudi ARAMCO Cybersecurity Chair, Department of Networks and Communication, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia
  • Ayat Alrosan School of Information Technology, Skyline University College, Sharjah P.O. Box 1797, United Arab Emirates
  • Abdulellah A. Alaboudi College of Computing and Information Technology, Shaqra University, P.O. Box 33, Riyadh, KSA
  • Brij B. Gupta Department of Computer Engineering, National Institute of Technology, Kurukshetra, India

DOI:

https://doi.org/10.13052/jwe1540-9589.2123

Keywords:

FFKA, botnet detection, DeSNN

Abstract

A Fast Flux Service Network (FFSN) is a domain name system (DNS) technique that bot herders use to support malicious botnet activity: the IP addresses behind a domain name are changed rapidly, which extends the lifetime of malicious servers. Although several methods for detecting FFSN domains have been proposed, they still suffer from relatively low accuracy, particularly on zero-day domains. This research proposes a new system, the Fast Flux Killer System (FFKS), which detects zero-day fast-flux domains through a deployment built on the adaptive dynamic evolving spiking neural network (ADeSNN) algorithm. The system is a hybrid consisting of two phases: the online phase detects zero-day domains using the learning outcomes of the offline phase, while the offline phase enhances the classification performance of the system in the online phase. The system is compared with previously published work based on a supervised detection method using the same ADeSNN algorithm to detect FFSN domains, in order to show better performance in detecting malicious domains. A public dataset is used in the experiments to evaluate the hybrid ADeSNN algorithm. The experiments showed better accuracy for the hybrid ADeSNN than for the supervised one; zero-day fast-flux domains are detected with high accuracy (99.54%) in online mode.

Author Biographies

Ahmad Al-Nawasrah, Information and Communication Technology College, British University of Bahrain

Ahmad Al Nawasrah (a.alnawasreh@bub.bh) received his Ph.D. in Computer Science (Information Security) from the University of Salford, UK, in 2018. Currently, Dr. Al Nawasrah is an assistant professor at the ICT College, British University of Bahrain. He has published several research papers in international journals and conferences of high reputation, some of which are indexed by Thomson Reuters (ISI) and Scopus. His research interests lie in information security and Internet cyber-crimes.

Ammar Almomani, IT-department, Al-Huson University College, Al-Balqa Applied University, P. O. Box 50, Irbid, Jordan and Research and Innovation department, Skyline University College, Sharjah P.O. Box 1797, United Arab Emirates

Ammar Almomani received his Ph.D. degree from Universiti Sains Malaysia (USM) in 2013. He has published more than 75 research papers in international journals and conferences of high repute, including IEEE, Elsevier, ACM, Springer and Inderscience venues, and has received many international awards. He has visited several countries to present his research work and serves as a reviewer for tens of journals from IEEE, Springer, Wiley, Taylor & Francis and others. He has 16 years of teaching experience covering more than 40 different subjects in computer science, networks, cybersecurity and programming languages, holds many international certificates, and has participated in dozens of projects and specialized scientific courses. His research interests include cybersecurity, advanced Internet security and monitoring. He is an associate professor and senior lecturer at Al-Balqa Applied University and is currently a professor and head of the Research and Innovation Department at Skyline University College, Sharjah, UAE. Link: https://scholar.google.com/citations?user=d_tRtPkAAAAJ&hl=en

Huthaifa A. Al_Issa, Electrical and Electronics Engineering Department, Al-Huson University College, Al Balqa Applied University, Jordan

Huthaifa A. Al_Issa received his Bachelor's and Master's degrees in Electrical and Computer Engineering from the Near East University, Cyprus, in 2003 and 2005, respectively, with high honors. He received his Ph.D. degree in Electrical Engineering from the University of Dayton, Dayton, OH, USA, in 2012. Currently, he is an assistant professor in the Department of Electrical and Electronics Engineering at Al-Balqa Applied University, Al-Huson University College. He has been a member of the Jordan Engineers Association (JEA) since 2003.

Khalid Alissa, Saudi ARAMCO Cybersecurity Chair, Department of Networks and Communication, College of Computer Science and Information Technology, Imam Abdulrahman Bin Faisal University, P.O. Box 1982, Dammam 31441, Saudi Arabia

Khalid Alissa received a Ph.D. degree in Information Security (Access Control) from Queensland University of Technology, Brisbane (2010–2015). He is an assistant professor at the College of Computer Sciences and Information Technology, Imam Abdulrahman Bin Faisal University, Dammam, Saudi Arabia, and at the National Center for Satellite Technologies, King Abdulaziz City for Science and Technology (KACST), Riyadh, Saudi Arabia. His research interests include information security.

Ayat Alrosan, School of Information Technology, Skyline University College, Sharjah P.O. Box 1797, United Arab Emirates

Ayat Alrosan received a Ph.D. degree from Universiti Sains Islam Malaysia (USIM) in 2017. She has published many research papers in international journals and conferences of high repute. Currently, she is an assistant professor at the Deanship of Information and Communication Technology, Imam Abdulrahman Bin Faisal University, Dammam, Saudi Arabia. Her research interests include image processing, data clustering and optimization. Email: aaalrosan@iau.edu.sa; ORCID: https://orcid.org/0000-0001-9400-4077. Ayat's photograph was not available at the time of publication.

Abdulellah A. Alaboudi, College of Computing and Information Technology, Shaqra University, P.O. Box 33, Riyadh, KSA

Abdulellah A. Alaboudi received a master's degree and a Ph.D. degree in computer science from Staffordshire University, UK. He is currently working at Shaqra University, Saudi Arabia, as an assistant professor. He has vast experience in business process reengineering and project management, and an ample number of peer-reviewed articles to his credit. His research interests include the Internet of Things, cybersecurity, software engineering, wireless networks and machine learning.

Brij B. Gupta, Department of Computer Engineering, National Institute of Technology, Kurukshetra, India

Brij B. Gupta received his Ph.D. degree from the Indian Institute of Technology Roorkee, India, in the area of information security. He has published more than 300 research papers in international journals and conferences of high repute. He has visited several countries to present his research work. His biography was published in Marquis Who's Who in the World, 2012. At present, he is working as an assistant professor in the Department of Computer Engineering, National Institute of Technology Kurukshetra, India. His research interests include information security, cyber security, cloud computing, web security, intrusion detection, computer networks and phishing.

Published

2021-12-30

Issue

Section

Secure web applications based on Moving Target Defense: challenges, solutions an