Real-time botnet detection using nonnegative tucker decomposition

Hideaki Kanehara, Takeshi Takahashi, Yuma Murakami, Daisuke Inoue, Jumpei Shimamura, Noboru Murata

Research output: Conference contribution

3 Citations (Scopus)

Abstract

This study focuses on darknet traffic analysis and applies tensor factorization in order to detect coordinated group activities, such as a botnet. Tensor factorization is a powerful tool for extracting co-occurrence patterns that is highly interpretable and can handle more variables than matrix factorization. We propose a simple method for detecting group activities from its extracted features. However, tensor factorization requires too high a computational cost to run in real time. To address this problem, we implemented a two-step algorithm in order to achieve fast, memory-efficient factorization. We also utilize nonnegative Tucker decomposition, one of the tensor factorization methods, because it has non-negativity constraints, to avoid physically unreasonable results. Finally, we introduce our prototype implementation of the proposed scheme, with which we demonstrate the effectiveness of the scheme by reviewing several past security incidents.

Original language: English
Title of host publication: Proceedings of the ACM Symposium on Applied Computing
Publisher: Association for Computing Machinery
Pages: 1337-1344
Number of pages: 8
ISBN (Print): 9781450359337
Publication status: Published - 2019
Event: 34th Annual ACM Symposium on Applied Computing, SAC 2019 - Limassol, Cyprus
Duration: 2019-04-08 to 2019-04-12

Publication series

Name: Proceedings of the ACM Symposium on Applied Computing
Part F147772

Conference

Conference: 34th Annual ACM Symposium on Applied Computing, SAC 2019
Country: Cyprus
City: Limassol
Period: 19/4/8 to 19/4/12

ASJC Scopus subject areas

  • Software
