Browsing by Author "Zincir-Heywood, A. Nur"
Item: Data analytics for modeling and visualizing attack behaviors: A case study on SSH brute force attacks
(IEEE, 2017-11) Yao, Chengchao; Luo, Xiao; Zincir-Heywood, A. Nur; Computer and Information Science, School of Science
In this research, we explore a data analytics based approach for modeling and visualizing attack behaviors. To this end, we employ Self-Organizing Map and Association Rule Mining algorithms to analyze and interpret the behaviors of SSH brute force attacks and normal SSH traffic as a case study. The experimental results on four different data sets show that the patterns extracted and interpreted from the SSH brute force attack data sets are similar to each other but significantly different from those extracted from the normal SSH traffic data sets. The analysis of the attack traffic provides insight into behavior modeling for SSH brute force attacks. Furthermore, it sheds light on how data analytics could help in modeling and visualizing attack behaviors in general, in terms of data acquisition and feature extraction.

Item: Exploring a Service-Based Normal Behaviour Profiling System for Botnet Detection
(IEEE, 2017-05) Chen, Weikeng; Luo, Xiao; Zincir-Heywood, A. Nur; Computer Information and Graphics Technology, School of Engineering and Technology
Effective detection of botnet traffic becomes difficult as attackers use encrypted payloads and dynamically changing port numbers (protocols) to bypass signature-based detection and deep packet inspection. In this paper, we build a normal-profiling-based botnet detection system using three unsupervised learning algorithms on service-based flow data: the self-organizing map, the local outlier factor, and the k-NN outlier factor. Evaluations on publicly available botnet data sets show that the proposed system can reach a detection rate of up to 91% at a false alarm rate of 5%.
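Both abstracts above rest on the same idea: learn what normal traffic for a service looks like from payload-independent flow features, then flag flows that fall outside that profile. The following is an added example, not code from either paper, that demonstrates the k-NN outlier factor variant on constructed SSH flow records. The feature set (log duration, log bytes, log packets), the value ranges used to construct "session" and "brute-force" flows, and the hypothetical function names are all assumptions made for the example; the threshold is set from the normal data alone so that the expected false alarm rate matches the 5% figure quoted in the second abstract.

```python
"""Normal-profile outlier detection over service-based flow records.

Added example (not code from either paper): builds a per-service "normal"
profile from benign flows only, scores unseen flows by their k-NN outlier
factor (distance to the k-th nearest normal flow in standardised feature
space), and sets the alarm threshold from the normal data so that the
expected false alarm rate is about 5%. Flow records are constructed here;
the feature choices and value ranges are assumptions.
"""
import math
import random
from statistics import mean, pstdev

K = 3              # neighbour rank used for the outlier factor
TARGET_FAR = 0.05  # fraction of normal flows we are willing to flag


def make_flows(rng, n, kind):
    """Constructed flow records: (service, duration_s, bytes, packets).

    'normal' mimics interactive SSH sessions; 'attack' mimics brute-force
    attempts: many very short, tiny flows to the same service. The ranges
    are assumptions chosen for the example, not measurements.
    """
    flows = []
    for _ in range(n):
        if kind == "normal":
            dur = math.exp(rng.uniform(math.log(30), math.log(600)))
            byt = math.exp(rng.uniform(math.log(5000), math.log(50000)))
            pkt = math.exp(rng.uniform(math.log(50), math.log(500)))
        else:
            dur = math.exp(rng.uniform(math.log(0.5), math.log(3)))
            byt = math.exp(rng.uniform(math.log(300), math.log(900)))
            pkt = math.exp(rng.uniform(math.log(5), math.log(15)))
        flows.append(("ssh", dur, byt, pkt))
    return flows


def features(flow):
    """Payload-independent features, log-scaled so that order-of-magnitude
    differences dominate; encryption and port changes do not hide these."""
    _, dur, byt, pkt = flow
    return [math.log(dur), math.log(byt), math.log(pkt)]


def knn_distance(vec, pool, k, skip=None):
    """Distance from vec to its k-th nearest neighbour in pool (the k-NN
    outlier factor). skip excludes vec's own index for leave-one-out."""
    dists = sorted(
        math.dist(vec, other) for i, other in enumerate(pool) if i != skip
    )
    return dists[k - 1]


def build_profile(normal_flows, k=K, far=TARGET_FAR):
    """Per-service profile: standardisation parameters, the standardised
    normal vectors, and a threshold on the k-NN distance chosen as the
    (1 - far) quantile of the leave-one-out distances of the normal data."""
    by_service = {}
    for f in normal_flows:
        by_service.setdefault(f[0], []).append(features(f))
    profile = {}
    for svc, raw in by_service.items():
        mu = [mean(col) for col in zip(*raw)]
        sd = [pstdev(col) or 1.0 for col in zip(*raw)]   # guard constant cols
        zs = [[(x - m) / s for x, m, s in zip(v, mu, sd)] for v in raw]
        loo = sorted(knn_distance(z, zs, k, skip=i) for i, z in enumerate(zs))
        idx = min(len(loo) - 1, int(round((1 - far) * len(loo))))
        profile[svc] = {"mu": mu, "sd": sd, "z": zs, "threshold": loo[idx]}
    return profile


def is_anomalous(flow, profile, k=K):
    """True when the flow's k-NN distance exceeds its service threshold.
    A service with no learned profile is treated as anomalous."""
    p = profile.get(flow[0])
    if p is None:
        return True
    z = [(x - m) / s for x, m, s in zip(features(flow), p["mu"], p["sd"])]
    return knn_distance(z, p["z"], k) > p["threshold"]


def run_experiment(seed=7):
    """Train on benign flows only; report detection and false alarm rates."""
    rng = random.Random(seed)
    train = make_flows(rng, 300, "normal")
    test_normal = make_flows(rng, 100, "normal")
    test_attack = make_flows(rng, 100, "attack")
    profile = build_profile(train)
    fa = sum(is_anomalous(f, profile) for f in test_normal)
    det = sum(is_anomalous(f, profile) for f in test_attack)
    return {"detection_rate": det / len(test_attack),
            "false_alarm_rate": fa / len(test_normal)}


if __name__ == "__main__":
    print(run_experiment())
```

The profile is keyed by service so that, as in the second abstract, each service gets its own notion of normal rather than one global threshold; a flow to a service with no profile is flagged rather than silently passed. The threshold is calibrated only on leave-one-out distances of normal flows, which is what makes the false alarm rate predictable without any attack samples at training time; on real data the detection rate is then whatever the separation in feature space gives, which is why the paper reports it as an evaluation result rather than a tunable.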