BoTGen: A new approach for in-lab generation of botnet datasets

ElSheikh, Muhammad; Gadelrab, Mohammed S.; Ghoneim, Mahmoud; Rashwan, Mohsen

doi:10.1109/malware.2014.6999406

Cited by 6 publications

(9 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It will be used for training and testing ML algorithms, as well as feature set optimization and reduction. For this purpose, we have created a diversified dataset as described in [14]. In the following section we present the metrics used in evaluating and comparing detection results from various ML models/algoritms and feature-sets.…”

Section: Figure 1 Botnet Communication Segmentationmentioning

confidence: 99%

“…Our decision to include these botwares was based on a detailed analysis of several botware samples where we take into account the diversity of the dataset. More details about our analysis results can be found in [14] By using BoTGen, we run 6 botware variations from each family for 6 hours separately on 10 virtual machines (VMs). Variations differ from each other in botnet and network configuration such as (PING/PONG IRC rate, HTTP request rate, start-up/shutdown of VMs) and the executed scenario (number of commands, order of commands, etc.).…”

Section: Detection Model Design and Implementationmentioning

confidence: 99%

“…It is implemented from off-the-shelf open source software to provide researchers with a flexible, reliable and fully automated platform. This allows not only to produce datasets but also to experiment with various and complete botnet scenarios in a controlled environment [14]. The work described in this paper employs Machine Learning techniques (Decision Tree and Support Vector Machine) to build a botnet detection system: BoTCap.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features

Gadelrab

ElSheikh²,

Ghoneim

et al. 2022

Int. j. commun. netw. inf. secur.

Self Cite

View full text Add to dashboard Cite

In this paper, we describe a detailed approach to develop a botnet detection system using machine learning (ML)techniques. Detecting botnet member hosts, or identifying botnet traffic has been the main subject of manyresearch efforts. This research aims to overcome two serious limitations of current botnet detection systems:First, the need for Deep Packet Inspection-DPI and the need to collect traffic from several infected hosts. Toachieve that, we have analyzed several botware samples of known botnets. Based on this analysis, we haveidentified a set of statistical features that may help to distinguish between benign and botnet malicious traffic.Then, we have carried several machine learning experiments in order to test the suitability of ML techniques andalso to pick a minimal subset of the identified features that provide best detection. We have implemented ourapproach in a tool called BotCap whose test results showed its proven ability to detect individually infected hostsin a local network.

show abstract

Section: Figure 1 Botnet Communication Segmentationmentioning

confidence: 99%

Section: Detection Model Design and Implementationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features

Gadelrab

ElSheikh²,

Ghoneim

et al. 2022

Int. j. commun. netw. inf. secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, we intend to look into their techniques in the future to increase the number of bots in our testbed to more accurately represent real-world IoT botnets. We are in the process of collecting datasets for the IoT botnet research community, similar to [20], and hope to release them in near future. Out testbed is not restricted to specific attacks such as HTTP flooding [21] and we also use virtualization to create multiple bots on a physical machine, albeit not through VMWare hypervisor as done in [22].…”

Section: Related Workmentioning

confidence: 99%

“…ElSheikh et al [20] have addressed the lack of publicly available botnet research datasets by creating an in-lab botnet experimentation testbed in a contained environment and using it to generate botnet datasets. [21] has implemented an HTTP (Hypertext Transfer Protocol)-based botnet testbed for performing HTTP GET flooding attacks against web servers.…”

Section: Related Workmentioning

confidence: 99%

A Secure Contained Testbed for Analyzing IoT Botnets

Kumar

Lim

2019

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Many security issues have come to the fore with the increasingly widespread adoption of Internet-of-Things (IoT) devices. The Mirai attack on Dyn DNS service, in which vulnerable IoT devices such as IP cameras, DVRs and routers were infected and used to propagate large-scale DDoS attacks, is one of the more prominent recent examples. IoT botnets, consisting of hundredsof-thousands of bots, are currently present "in-the-wild" at least and are only expected to grow in the future, with the potential to cause significant network downtimes and financial losses to network companies. We propose, therefore, to build testbeds for evaluating IoT botnets and design suitable mitigation techniques against them. A DETERlab-based IoT botnet testbed is presented in this work. The testbed is built in a secure contained environment and includes ancillary services such as DHCP, DNS as well as botnet infrastructure including CnC and scanListen/loading servers. Developing an IoT botnet testbed presented us with some unique challenges which are different from those encountered in non-IoT botnet testbeds and we highlight them in this paper. Further, we point out the important features of our testbed and illustrate some of its capabilities through experimental results.

show abstract

Gotham Testbed: A Reproducible IoT Testbed for Security Experiments and Dataset Generation

Sáez-de-Cámara

Flores

Arellano

et al. 2024

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

The growing adoption of the Internet of Things (IoT) has brought a significant increase in attacks targeting those devices. Machine learning (ML) methods have shown promising results for intrusion detection; however, the scarcity of IoT datasets remains a limiting factor in developing ML-based security systems for IoT scenarios. Static datasets get outdated due to evolving IoT architectures and threat landscape; meanwhile, the testbeds used to generate them are rarely published. This paper presents the Gotham testbed, a reproducible and flexible security testbed extendable to accommodate new emulated devices, services or attackers. Gotham is used to build an IoT scenario composed of 100 emulated devices communicating via MQTT, CoAP and RTSP protocols, among others, in a topology composed of 30 switches and 10 routers. The scenario presents three threat actors, including the entire Mirai botnet lifecycle and additional red-teaming tools performing DoS, scanning, and attacks targeting IoT protocols. The testbed has many purposes, including a cyber range, testing security solutions, and capturing network and application data to generate datasets. We hope that researchers can leverage and adapt Gotham to include other devices, state-of-the-art attacks and topologies to share scenarios and datasets that reflect the current IoT settings and threat landscape.

show abstract

BoTGen: A new approach for in-lab generation of botnet datasets

Cited by 6 publications

References 7 publications

BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features

BotCap: Machine Learning Approach for Botnet Detection Based on Statistical Features

A Secure Contained Testbed for Analyzing IoT Botnets

Gotham Testbed: A Reproducible IoT Testbed for Security Experiments and Dataset Generation

Contact Info

Product

Resources

About