Real-time botnet detection using nonnegative tucker decomposition

Hideaki Kanehara, Takeshi Takahashi, Yuma Murakami, Daisuke Inoue, Jumpei Shimamura, Noboru Murata

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

This study focuses on darknet traffic analysis and applies tensor factorization in order to detect coordinated group activities, such as a botnet. Tensor factorization is a powerful tool for extracting co-occurrence patterns that is highly interpretable and can handle more variables than matrix factorization. We propose a simple method for detecting group activities from its extracted features. However, tensor factorization requires too high a computational cost to run in real time. To address this problem, we implemented a two-step algorithm in order to achieve fast, memory-efficient factorization. We also utilize nonnegative Tucker decomposition, one of the tensor factorization methods, because it has non-negativity constraints, to avoid physically unreasonable results. Finally, we introduce our prototype implementation of the proposed scheme, with which we demonstrate the effectiveness of the scheme by reviewing several past security incidents.

Original languageEnglish
Title of host publicationProceedings of the ACM Symposium on Applied Computing
PublisherAssociation for Computing Machinery
Pages1337-1344
Number of pages8
ISBN (Print)9781450359337
DOIs
Publication statusPublished - 2019
Event34th Annual ACM Symposium on Applied Computing, SAC 2019 - Limassol, Cyprus
Duration: 2019 Apr 82019 Apr 12

Publication series

NameProceedings of the ACM Symposium on Applied Computing
VolumePart F147772

Conference

Conference34th Annual ACM Symposium on Applied Computing, SAC 2019
Country/TerritoryCyprus
CityLimassol
Period19/4/819/4/12

Keywords

  • Botnet Detection
  • Darknet Analysis
  • Group Activity Detection
  • Real-Time Analysis
  • Tensor Factorization

ASJC Scopus subject areas

  • Software

Fingerprint

Dive into the research topics of 'Real-time botnet detection using nonnegative tucker decomposition'. Together they form a unique fingerprint.

Cite this