conformal clustering and its application to botnet traffic
play

Conformal Clustering and its Application to Botnet Traffic - PowerPoint PPT Presentation

Oct 09, 2022 •359 likes •576 views

Conformal Clustering and its Application to Botnet Traffic Giovanni Cherubin, Ilia Nouretdinov, Alexander Gammerman Roberto Jordaney, Zhi Wang, Davide Papini, Lorenzo Cavallaro Netflow, network traces Internet Bot TCP/ netflow Date

  1. Conformal Clustering and its Application to Botnet Traffic Giovanni Cherubin, Ilia Nouretdinov, Alexander Gammerman Roberto Jordaney, Zhi Wang, Davide Papini, Lorenzo Cavallaro

  2. Netflow, network traces Internet Bot TCP/ netflow Date Duration IP_src Port_src IP_dst Port_dst UDP Sent Recv Sent Recv Tot Tot Flags… Packets Packets Bytes Bytes Packets Bytes

  3. Netflow, network traces TCP/ Sent Date Duration Port_dst … UDP Bytes netflow_1 1248089563 2939 TCP 503 445 netflow_2 1248089702 51 TCP 354 139 …

  4. Conformal Predictor Conformal Predictor D, z n , A p n : p-value Does z n conform D for 1- ε confidence?

  5. CP for anomaly detection [Laxhammar11, Smith14] x 2 x 1

  6. Conformal Clustering • Conformal Predictors in unsupervised setting. • Controls the objects left outside the clusters. • Regulates the “depth” of clusters.

  7. training objects x 2 x 1

  8. training objects x 2 x 1

  9. p-values grid 0.1 0.3 0.2 0.1 0.0 0.1 0.3 … x 2 x 1

  10. respect to ε =0.1 x 2 x 1

  11. neighbouring rule x 2 x 1

  12. test set x 2 x 1

  13. clusters x 2 x 1

  14. Our Approach • Each network trace produces a feature vector. • Normalisation. • Dimensionality reduction ( t-SNE ). • Non-conformity measures: k-NN , KDE . • Performance measures: Purity , Average P-Value.

  15. Performance Measures Purity ! • How “pure” are the clusters. • For the same ε the number of clusters is not influenced. Average P-Value ! 0.1 0.3 0.2 0.1 0.0 • Efficiency criterion. … 0.1 0.3 • Size of the prediction set. • The smaller the prediction set the better.

  16. Results ( ε =0.2) k-NN non-conformity measure k 1 2 3 4 5 … 10 APV 0.129 0.139 0.141 0.147 0.160 0.193 Purity 0.99 0.97 0.97 0.96 0.96 0.92 KDE (Gaussian kernel) non-conformity measure h 0.001 0.005 0.01 0.05 0.1 … 1.0 APV 0.404 0.332 0.299 0.165 0.130 0.221 Purity 1.00 0.98 1.00 0.99 0.99 0.92

  17. Future work • Avoid dimensionality reduction, reduce complexity. • New criteria of accuracy. • New non-conformity measures based on previous work in botnets detection (e.g.: BotFinder). • Detection: “malicious” and “benign” data.

  18. Bibliography • [Vovk05] V. Vovk et al., Algorithmic learning in a random world. Springer, 2005. • [Maaten08] L. van der Maaten et al., Visualizing data using t-SNE. Journal of Machine Learning Research, 2008. • [Laxhammar11] R. Laxhammar et al., Sequential conformal anomaly detection in trajectories based on hausdorff distance, 2011. • [Lei13] J. Lei et al., A conformal prediction approach to explore functional data, 2013. • [Smith14] J. Smith et al., Anomaly Detection of Trajectories with Kernel Density Estimation by Conformal Prediction. Artificial Intelligence Applications and Innovations, Springer, 2014.

  19. Thanks

  20. Conformal Clustering and its Application to Botnet Traffic Giovanni Cherubin, Ilia Nouretdinov, Alexander Gammerman Roberto Jordaney, Zhi Wang, Davide Papini, Lorenzo Cavallaro

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet

BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection Guofei Gu 1,2 , Roberto Perdisci 3 , Junjie Zhang 1 , and Wenke Lee 1 1 Georgia Tech 3 Damballa, Inc. 2 Texas A&M University 2008-7-31

549 views • 22 slides
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic Guofei Gu, Junjie

BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic Guofei Gu, Junjie

BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic Guofei Gu, Junjie Zhang, and Wenke Lee College of Computing Georgia Institute of Technology 2008-2-25 Guofei Gu NDSS08 BotSniffer: Detecting Botnet C&C

379 views • 27 slides
MetaNet A botnet with Metasploit integration By : Matan Ramrazker, Guy Gelber What is a Botnet

MetaNet A botnet with Metasploit integration By : Matan Ramrazker, Guy Gelber What is a Botnet

MetaNet A botnet with Metasploit integration By : Matan Ramrazker, Guy Gelber What is a Botnet A Botnet is a software that is designed to perform simple automated and usually cyclical operations. Botnet management is performed remotely

507 views • 24 slides
Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods

Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods

Botnet Detection through Analyzing Network Traffic using Statistical Signal Processing Methods Basil AsSadhan Department of Electrical Engineering & Center of Excellence in Information Assurance King Saud University April 13-14, 2014

609 views • 39 slides
Application of conformal field theory in the study of critical phenomena in 2 d statistical

Application of conformal field theory in the study of critical phenomena in 2 d statistical

Aims & Motivations The Ising model Conformal transformations 2d CFT Application of conformal field theory in the study of critical phenomena in 2 d statistical systems Artur Miroszewski Institute of Physics, Jagiellonian University,

1.61k views • 19 slides
Discovering Packet Structure through Lightweight Hierarchical Clustering Abdulrahman Hijazi

Discovering Packet Structure through Lightweight Hierarchical Clustering Abdulrahman Hijazi

Understanding Network Traffic Approach Network Traffic Clustering: ADHIC Evaluation Discovering Packet Structure through Lightweight Hierarchical Clustering Abdulrahman Hijazi Hajime Inoue Ashraf Matrawy P .C. van Oorschot Anil Somayaji

540 views • 29 slides
Network Security: Botnet Seungwon Shin GSIS, KAIST many slides from Dr. Yan Chen Definition Bot

Network Security: Botnet Seungwon Shin GSIS, KAIST many slides from Dr. Yan Chen Definition Bot

Network Security: Botnet Seungwon Shin GSIS, KAIST many slides from Dr. Yan Chen Definition Bot a software application that runs automated tasks over the Internet Botnet a collection of Internet-connected programs communicating with other

659 views • 39 slides
Multiple co-clustering and its application Tomoki Tokuda, Okinawa Institute of Science and

Multiple co-clustering and its application Tomoki Tokuda, Okinawa Institute of Science and

Multiple co-clustering and its application Tomoki Tokuda, Okinawa Institute of Science and Technology Graduate University 1 / 13 Outline 1. Introduction 2. Method for multiple co-clustering 3. Application to depression data 4. Conclusion 2

469 views • 13 slides
Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction

Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction

Not-a-Bot Improving Service Availability in the Face of Botnet Attacks Overview Introduction to the problem Architecture of NAB A way to attest human-generated traffic Use of attestation to mitigate presented problems Results

418 views • 25 slides
A message-passing approach to low-rank matrix reconstruction and application to clustering

A message-passing approach to low-rank matrix reconstruction and application to clustering

bg=white Low-rank matrix reconstruction via message passing Application to clustering Application to multivariate Poisson clustering C A message-passing approach to low-rank matrix reconstruction and application to clustering Toshiyuki

798 views • 48 slides
Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic blockchains analysis for Bitcoin and derived

Transaction clustering using network traffic analysis for Bitcoin and derived Transaction clustering using network traffic blockchains analysis for Bitcoin and derived blockchains Biryukov, Tikhomirov Introduction Network privacy Alex

491 views • 30 slides
Week 7 Video 1 Clustering Clustering A type of Structure Discovery algorithm This type of

Week 7 Video 1 Clustering Clustering A type of Structure Discovery algorithm This type of

Week 7 Video 1 Clustering Clustering A type of Structure Discovery algorithm This type of method is also referred to as Dimensionality Reduction , based on a common application Clustering You have a large number of data points You

974 views • 63 slides
Optimal interval clustering: Application to Bregman clustering and statistical mixture learning

Optimal interval clustering: Application to Bregman clustering and statistical mixture learning

Optimal interval clustering: Application to Bregman clustering and statistical mixture learning Frank Nielsen 1 Richard Nock 2 1 Sony Computer Science Laboratories/Ecole Polytechnique 2 UAG-CEREGMIA/NICTA May 2014 c 2014 Frank Nielsen, Sony

501 views • 26 slides
Welcome to Storm ! The Storm botnet Reachability check Overnet (UDP) The Storm botnet

Welcome to Storm ! The Storm botnet Reachability check Overnet (UDP) The Storm botnet

Welcome to Storm ! The Storm botnet Reachability check Overnet (UDP) The Storm botnet Botmaster Hosted infrastructure HTTP proxies HTTP Proxy Infected machines bots TCP Workers The Storm botnet Botmaster Hosted infrastructure HTTP

517 views • 31 slides
A Date with Data Botnet Command and Control Through Tinder A Date with Data Botnet Command and

A Date with Data Botnet Command and Control Through Tinder A Date with Data Botnet Command and

A Date with Data Botnet Command and Control Through Tinder A Date with Data Botnet Command and Control Through Tinder (Almost) $whoami Nathaniel Beckstead Interests Blue team Homelab Network Security Find Me github.com/becksteadn

500 views • 22 slides
Lecture 23: Spectral clustering Hierarchical clustering What is a good clustering?

Lecture 23: Spectral clustering Hierarchical clustering What is a good clustering?

Lecture 23: Spectral clustering Hierarchical clustering What is a good clustering? Aykut Erdem May 2016 Hacettepe University Last time K-Means An iterative clustering algorithm - Initialize: Pick K random points as cluster

932 views • 64 slides
On the complex network clustering using DryadLINQ Stojan Trajanovski ( st508 ) MPhil in Advanced

On the complex network clustering using DryadLINQ Stojan Trajanovski ( st508 ) MPhil in Advanced

Data Centric Networking (R202) Open source project study On the complex network clustering using DryadLINQ Stojan Trajanovski ( st508 ) MPhil in Advanced Computer Science Motivation Why going parallel in complex networks analysis? Online

390 views • 7 slides
Come Converge! Lets Talk About Clustering Alanis Chew and Madeline Cope Department of

Come Converge! Lets Talk About Clustering Alanis Chew and Madeline Cope Department of

What is Clustering? Clustering Techniques Youngstown State University Results Acknowledgments Come Converge! Lets Talk About Clustering Alanis Chew and Madeline Cope Department of Mathematics and Statistics Youngstown State University

697 views • 67 slides
RoboCup Rescue Simulation League CSU_Yunlu From Central South University Participated in Robocup

RoboCup Rescue Simulation League CSU_Yunlu From Central South University Participated in Robocup

RoboCup Rescue Simulation League CSU_Yunlu From Central South University Participated in Robocup since 2003 Team member Wuqian Lv* Yongjian Fu Undergraduate student, Undergraduate student, School of Computer Science, School of

576 views • 41 slides
Compared to GAMA and Illustris Mara Celeste Artale Instituto de Astronoma y Fsica del

Compared to GAMA and Illustris Mara Celeste Artale Instituto de Astronoma y Fsica del

Galaxy Clustering in EAGLE Compared to GAMA and Illustris Mara Celeste Artale Instituto de Astronoma y Fsica del Espacio (IAFE, CONICET-UBA) In collaboration with Peder Norberg, Tom Theuns, James Trayford (ICC, Durham) Idit Zehavi (Case

331 views • 16 slides
Geodemographic Dept. of Geography and Planning Classifications University of Liverpool 23rd GIS

Geodemographic Dept. of Geography and Planning Classifications University of Liverpool 23rd GIS

The Role of Geographical Alexandros Alexiou Alex Singleton Context in Building - Geodemographic Dept. of Geography and Planning Classifications University of Liverpool 23rd GIS Research UK conference, Leeds, April 2015 Summary

821 views • 29 slides
Major Clusters Porterville College January 11th, 2019 -- Flex Day Guided Pathways A Brief

Major Clusters Porterville College January 11th, 2019 -- Flex Day Guided Pathways A Brief

Major Clusters Porterville College January 11th, 2019 -- Flex Day Guided Pathways A Brief Check-In! Capturing Guided Pathways Responses Individually, please think about and note on post-its, with respect to guided pathways: : what you

746 views • 55 slides
Spectral Clustering on Handwritten Digits Database Danielle Middlebrooks dmiddle1@math.umd.edu

Spectral Clustering on Handwritten Digits Database Danielle Middlebrooks dmiddle1@math.umd.edu

Introduction Approach Validation Implementation Project Schedule Deliverables References Spectral Clustering on Handwritten Digits Database Danielle Middlebrooks dmiddle1@math.umd.edu Advisor: Kasso Okoudjou kasso@umd.edu Department of

316 views • 27 slides
An Inventory of Approaches to Climate Modeling and Downscaling PUMA Workshop, Dec01-03, 2010, San

An Inventory of Approaches to Climate Modeling and Downscaling PUMA Workshop, Dec01-03, 2010, San

An Inventory of Approaches to Climate Modeling and Downscaling PUMA Workshop, Dec01-03, 2010, San Francisco, CA Darrin Sharp, Oregon Climate Change Research Institute, dsharp@coas.oregonstate.edu Nov 2, 2010 Introduction 1 Is/Is Not Outline

413 views • 20 slides

More recommend