Towards Adversarial Resilience in Proactive Detection of Botnet Domain Names by using MTD

Christian Dietz, Gabi Dreo, Anna Sperotto, Aiko Pras

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Artificial Intelligence is often part of state-of-the-art Intrusion Detection Systems (IDSs). However, attackers use Artificial Intelligence to improve their attacks and circumvent IDSs. Botnets use artificial intelligence to improve their Domain Name Generation Algorithms (DGAs). Botnets pose a serious threat to networks that are connected to the Internet, are an enabler for many cyber-criminal activities (e.g., DDoS attacks, banking fraud and cyber-espionage), and cause substantial economic damage. To circumvent detection and prevent takedown actions, botmasters use DGAs to create, maintain and hide C&C infrastructures. Furthermore, botmasters often release their source code to prevent detection, leading to numerous similar botnets that are created and maintained by different botmasters. As these botnets are based on nearly the same source code, they often share similar observable behavior. Current work on detection of DGAs is often based on applying machine learning techniques, as they are able to generalize and to detect yet unknown derivatives of known botnets. However, these machine-learning-based classifiers can be circumvented by applying adversarial learning techniques. As a consequence, there is a need for resilience against adversarial learning in current Intrusion Detection Systems. In our work, we focus on adversarial learning in DNS-based IDSs from the perspective of a network operator. Further, we present our concept to make existing and future machine-learning-based IDSs more resilient against adversarial learning attacks by applying multi-level Moving Target Defense (MTD) strategies.

Original language: English
Title of host publication: 2020 IEEE/IFIP Network Operations and Management Symposium (NOMS 2020)
Subtitle of host publication: Management in the Age of Softwarization and Artificial Intelligence
Place of Publication: Piscataway, NJ
Publisher: IEEE
Number of pages: 5
ISBN (Electronic): 978-1-7281-4973-8
ISBN (Print): 978-1-7281-4974-5
Publication status: Published - Apr 2020
Event: 17th IEEE/IFIP Network Operations and Management Symposium, NOMS 2020: Management in the Age of Softwarization and Artificial Intelligence - Virtual conference, Budapest, Hungary
Duration: 20 Apr 2020 to 24 Apr 2020
Conference number: 17
https://noms2020.ieee-noms.org/ (Conference)

Publication series

Name: IEEE/IFIP Network Operations and Management Symposium (NOMS)
Publisher: IEEE
Volume: 2020
ISSN (Print): 1542-1201
ISSN (Electronic): 2374-9709

Conference

Conference: 17th IEEE/IFIP Network Operations and Management Symposium, NOMS 2020
Abbreviated title: NOMS
Country: Hungary
City: Budapest
Period: 20/04/20 to 24/04/20

Keywords

  • Adversarial learning
  • Botnet
  • DGA
  • Proactive detection
  • Resilience
  • Cybersecurity
