Document Type: Thesis
Document Title: Botnet Mitigation based on Machine Learning in Software Defined Networks الحد من هجمات الروبوتات باستخدام تعليم الآله في الشبكات المعرفة بالبرمجيات
Subject: Faculty of Computing and Information Technology
Document Language: Arabic
Abstract:
Over the past decade, the internet has grown and changed the world tremendously, and cyber attacks have grown significantly with it. Cyber attacks are one of the most serious threats to society and cost millions of dollars each year. Botnets are responsible for most internet attacks on conventional networks and have become the main concern and one of the biggest threats to software-defined networking (SDN). SDN is a new networking technology that makes networks easier to program by separating the data plane from the control plane, which makes the control plane independent and centralized for network control. Several methods have been proposed to detect and mitigate botnet attacks in SDN, but challenges remain. Botnet detection methods based on NetFlow traffic features rely on computing statistical features of flow traffic, and bots can avoid such detection in different ways. The aim of this thesis is to propose a secure system that efficiently detects botnet attacks and automatically mitigates them in SDN. The secure system has two phases: the first phase is a graph-based bot detection classification model called BotSword, and the second phase validates the trained BotSword model in the SDN environment while maintaining high performance, bandwidth improvement, and low processing overhead, and automatically blocks all infected hosts to minimize the number of infected hosts and the amount of network damage. The proposed BotSword model showed excellent performance metrics (accuracy, recall, precision, and F1-score) of over 99% and a low FPR of 0.002% when evaluated on the CTU-13 dataset. After validation in the SDN environment, our model showed the same excellent performance, with all metrics over 99%, a low FPR of 0.009%, an improvement in bandwidth utilization of around 90%, and minor CPU utilization overhead. This enhancement is possible because our system detects bots and prevents them from communicating with other hosts.
Key Words: Cybersecurity, Botnet, software-defined networking (SDN), Graph features, Machine Learning
Supervisor: Dr. Khalid Alsubhi
Thesis Type: Doctorate Thesis
Publishing Year: 1444 AH / 2022 AD
Co-Supervisor: Prof. Ahmed Alzahrani
Added Date: Monday, February 27, 2023
Researchers
خلود شينان الشهري | Alshehri, Kholoud Shinan | Researcher | Doctorate