Early DGA-based botnet identification: pushing detection to the edges
Cluster Computing (IF 4.4), Pub Date: 2021-01-02, DOI: 10.1007/s10586-020-03213-z
Mattia Zago, Manuel Gil Pérez, Gregorio Martínez Pérez

With the first commercially available 5G infrastructures, worldwide attention is shifting to the next generation of theorised technologies that might finally be deployable. In this context, the cybersecurity of edge equipment and end-devices must be a top priority as botnets see their spread remarkably increase. Most of them rely on algorithmically generated domain names (AGDs) to evade detection and remain shrouded from intrusion detection systems, via the so-called Domain Generation Algorithm (DGA). Despite the issue, by applying concepts such as distributed computing and federated learning, the cybersecurity community has prototyped and developed dynamic and scalable solutions that leverage the increased capabilities and connectivity of edge devices. This article proposes a lightweight and privacy-preserving framework that pushes the intelligence modules to the edges, aiming to achieve early DGA-based botnet detection in mobile and edge-oriented scenarios. Experimental results prove the deployability of such an architecture at all levels, including resource-constrained end-devices.




Updated: 2021-01-02