Real-time botnet detection using nonnegative tucker decomposition

H Kanehara, Y Murakami, J Shimamura, T Takahashi, D Inoue, N Murata
Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing, 2019 - dl.acm.org
This study focuses on darknet traffic analysis and applies tensor factorization to detect coordinated group activities, such as those of a botnet. Tensor factorization is a powerful tool for extracting co-occurrence patterns; it is highly interpretable and can handle more variables than matrix factorization. We propose a simple method for detecting group activities from the features it extracts. However, the computational cost of tensor factorization is too high for it to run in real time. To address this problem, we implemented a two-step algorithm that achieves fast, memory-efficient factorization. We also use nonnegative Tucker decomposition, one of the tensor factorization methods, because its non-negativity constraints avoid physically unreasonable results. Finally, we introduce our prototype implementation of the proposed scheme and demonstrate its effectiveness by reviewing several past security incidents.