Detecting Stealthy Botnets in a Resource-Constrained Environment Using Reinforcement Learning
| Title | Detecting Stealthy Botnets in a Resource-Constrained Environment Using Reinforcement Learning |
| Publication Type | Conference Paper |
| Year of Publication | 2017 |
| Authors | Venkatesan, Sridhar, Albanese, Massimiliano, Shah, Ankit, Ganesan, Rajesh, Jajodia, Sushil |
| Conference Name | Proceedings of the 2017 Workshop on Moving Target Defense |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-5176-8 |
| Keywords | botnets, honey pots, human factors, Intrusion detection, pubcrawl, reinforcement learning, resilience, Resiliency, Scalability |
| Abstract | Modern botnets can persist in networked systems for extended periods of time by operating in a stealthy manner. Despite the progress made in the area of botnet prevention, detection, and mitigation, stealthy botnets continue to pose a significant risk to enterprises. Furthermore, existing enterprise-scale solutions require significant resources to operate effectively, thus they are not practical. In order to address this important problem in a resource-constrained environment, we propose a reinforcement learning based approach to optimally and dynamically deploy a limited number of defensive mechanisms, namely honeypots and network-based detectors, within the target network. The ultimate goal of the proposed approach is to reduce the lifetime of stealthy botnets by maximizing the number of bots identified and taken down through a sequential decision-making process. We provide a proof-of-concept of the proposed approach, and study its performance in a simulated environment. The results show that the proposed approach is promising in protecting against stealthy botnets. |
| URL | https://dl.acm.org/citation.cfm?doid=3140549.3140552 |
| DOI | 10.1145/3140549.3140552 |
| Citation Key | venkatesan_detecting_2017 |