[1]SHAO Xiuli,LIU Yiwei,GENG Meijie,et al.The parallel implementation of MapReduce for the Bayesian algorithm to detect botnets[J].CAAI Transactions on Intelligent Systems,2014,9(1):26-33.[doi:10.3969/j.issn.1673-4785.201305011]
Copy

The parallel implementation of MapReduce for the Bayesian algorithm to detect botnets

CAAI Transactions on Intelligent Systems[ISSN 1673-4785/CN 23-1538/TP] Volume: 9 Number of periods: 2014 1 Page number: 26-33 Column: 学术论文—智能系统 Public date: 2014-02-25
Title:
The parallel implementation of MapReduce for the Bayesian algorithm to detect botnets
Author(s):
SHAO Xiuli1 LIU Yiwei2 GENG Meijie1 HAN Jianbin3
1. College of Computer and Control Engineering, Nankai University, Tianjin 300071, China;
2. School of Mathematical Sciences, Peking University, Beijing 100871, China;
3. Department of Education and Training, Armed Police Command College, Tianjin 300250, China
Keywords:
botnetsbotnet detectionBayesian algorithmHadoopMapReduceflow
CLC:
TP311
DOI:
10.3969/j.issn.1673-4785.201305011
Abstract:
The botnet network poses a serious threat to the Internet security, and the accuracy of the botnet detection method is low, while the Bayesian algorithm has high accuracy. This paper puts forward a Bayesian algorithm with the mechanism of MapReduce based on the Hadoop platform to achieve botnet detection. Taking the host-pairs as analysis objects, this method extracts the traffic features of communications between two hosts, takes these features as input and trains the Bayesian classifier through parallel calculations of the prior probability and condition probability on the stage of the Bayesian algorithm training to learn to recognize botnet traffic. By using the Bayesian classifier trained on the stage of the Bayesian algorithm training and parallel calculations of the posterior probability on the stage of detecting, the detection of botnets can be achieved. Experiments show that the method for detecting botnets is effective and the correct detection rate is more than 90%. The efficiency of this method is greatly improved as compared with detecting the single Bayesian algorithm of the botnets.
References:
[1] JIANG Hongli, SHAO Xiuli. Detecting P2P botnets by discovering flow dependency in C&C traffic[J]. Peer-to-Peer Networking and Applications, 2012, 5(2): 1-12.
[2] 王威,方滨兴,崔翔.基于终端行为特征的IRC僵尸网络检测[J].计算机学报, 2009, 32(10): 1980-1988.WANG Wei, FANG Binxing, CUI Xiang. IRC botnet detection based on host behavior[J]. Chinese Journal of Computers, 2009, 32(10): 1980-1988.
[3] 蒋鸿玲,邵秀丽.基于神经网络的僵尸网络检测方法[J].智能系统学报, 2013, 8(2): 113-118.JIANG Honglin, SHAO Xiuli. Botnet detection algorithm based on neural network[J]. CAAI Transactions on Intelligent Systems, 2013, 8(2): 113-118.
[4] DEAN J, GHEMAWAT S. MapReduce: simplified data processing on large cluster[J]. Communications of the ACM, 2005, 51(1): 107-113.
[5] 陶永才,薛正元,石磊.基于MapReduce的贝叶斯垃圾邮件过滤机制[J].计算机应用, 2011, 31(9): 2412-2416.TAO Yongcai, XUE Zhengyuan, SHI Lei. MapReduce-based Bayesian anti-spam filtering mechanism[J]. Journal of Computer Applications, 2011, 31(9): 2412-2416.
[6] 杜跃进,崔翔.僵尸网络及其启发[J].中国数据通信, 2005, 7(5): 9-13.DU Yuejin, CUI Xiang. Botnets and its enlightment[J]. China Data Communication, 2005, 7(5): 9-13.
[7] VALIANT L G. A bridging model for parallel computation[J]. Communications of the ACM, 1990, 33(8): 103-111.
[8] 李晓桢,程佳,胡军.基于聚类分析的僵尸网络识别系统[J].计算机系统应用, 2009(8): 130-135.LI Xiaozhen, CHENG Jia, HU Jun. Botnet recognition system based on the clustering technology[J]. Computer System and Application, 2009(8): 130-135.
[9] STONEBRAKER M, ABADI D J, DEWITT D J, et al. MapReduce and parallel DBMSs: friends or foes?[J]. Communication of the ACM, 2010, 53(1): 64-71.
[10] 张鹏,唐世渭.朴素贝叶斯分类中的隐私保护方法研究[J].计算机学报, 2007, 30(8): 1267-1276.ZHANG Peng, TANG Shiwei. Privacy preserving naive Bayesian classification[J]. Chinese Journal of Computers, 2007, 30(8): 1267-1276.
Similar References:

Memo

-

Last Update: 1900-01-01

Copyright © CAAI Transactions on Intelligent Systems