Businesses are constantly under security threats, which not only cost billions of dollars in damage and recovery, but also detrimentally affect their reputation. A botnet-assisted attack is a widely known threat to these organizations. According to the U.S. Federal Bureau of Investigation, “Botnets caused over $9 billion in losses to U.S. victims and over $110 billion globally. Approximately 500 million computers are infected each year, translating into 18 victims per second.” The most infamous attack, Rustock, infected 1 million machines, sending up to 30 billion spam emails a day. More recently, Mirai knocked offline 900,000 users of Deutsche Telekom. Thus, it is imperative to defend against botnet-assisted attacks.

A botnet is a collection of bots, agents in compromised hosts, controlled by botmasters via command and control (C2) channels. A botmaster could be distributed across several agents that reside within or outside the network. Hence, a botnet can be used for tasks ranging from distributed denial-of-service (DDoS), to massive-scale spamming, to fraud and identity theft. Numerous measures are employed to fend off these threats and protect the network and its data from botnets.

This project aims to devise an adaptive and robust botnet detection and mitigation system that leverages machine learning (ML). On the detection front, novel anomaly-based intrusion detection, employing host- and network-based detection methods along with ML models adaptive to network dynamics and adversarial activities, will be devised to build an advanced detection system that bots cannot easily evade. On the mitigation front, software-defined networking (SDN) will be leveraged to dynamically adapt the monitoring of the network, instigate root cause analysis, and automatically generate and enforce mitigation workflows. This project will broaden the scope of botnet detection and mitigation, including protection against zero-day threats.

Advances made in collaboration with the industry partner will have a lasting impact on the design principles and practices of cybersecurity for businesses and financial institutions.
H. Tsang, I. Akbari, M. A. Salahuddin, N. Limam and R. Boutaba. ATMoS+: Generalizable Threat Mitigation in SDN using Permutation Equivariant and Invariant Deep Reinforcement Learning. IEEE Communications Magazine. IEEE Press. Vol. 59(12), pp. 105-111, January 2022.
H. Bian, T. Bai, M. A. Salahuddin, N. Limam, A. Abou Daya, and R. Boutaba. Uncovering Lateral Movement using Authentication Logs. IEEE Transactions on Network and Service Management - Special Issue on Data Analytics and Machine Learning for Network and Service Management. IEEE Press. Vol. 18(1), pp. 1049-1063, March 2021.
T. Bai, H. Bian, M. A. Salahuddin, A. Abou Daya, N. Limam, and R. Boutaba. RDP-based Lateral Movement detection using Machine Learning. Computer Communications. Elsevier. Vol. 165, pp. 9-19, January 2021.
A. Abou Daya, M. Salahuddin, N. Limam, R. Boutaba. BotChase: Graph-based Bot Detection using Machine Learning. IEEE Transactions on Network and Service Management - Special Issue on Cybersecurity Techniques for Managing Networked Systems. IEEE Press, Vol. 17(1), pp. 15-29, March 2020.
I. Akbari, E. Tahoun, M.A. Salahuddin, N. Limam, and R. Boutaba. ATMoS: Autonomous Threat Mitigation in SDN using Reinforcement Learning. IEEE/IFIP Network Operations and Management Symposium (NOMS). Budapest, Hungary, April 20-24, 2020.
H. Bian, T. Bai, M.A. Salahuddin, N. Limam, A. Abou Daya, and R. Boutaba. Host in Danger? Detecting Network Intrusions from Authentication Logs. IEEE/ACM/IFIP Conference on Network and Service Management (CNSM). Halifax, Canada, October 21-25, 2019.
T. Bai, H. Bian, A. Abou Daya, M.A. Salahuddin, N. Limam and R. Boutaba. A Machine Learning Approach for RDP-based Lateral Movement Detection. IEEE Conference on Local Computer Networks (LCN), Osnabrück, Germany, October 14-17, 2019.
A. Abou Daya, M.A. Salahuddin, N. Limam, R. Boutaba. A Graph-Based Machine Learning Approach for Bot Detection. IFIP/IEEE Integrated Network Management Symposium (IM). Washington DC, USA. April 8-12, 2019.
R. Boutaba, M. A. Salahuddin, N. Limam, S. Ayoubi, N. Shahriar, F. Estrada-Solano, O. M. Caicedo. A Comprehensive Survey on Machine Learning for Networking: Evolution, Applications and Research Opportunities. Journal of Internet Services and Applications. Springer. Vol. 9(16), June 2018.
S. Ayoubi, N. Limam, M.A. Salahuddin, N. Shahriar, R. Boutaba, F. Estrada-Solano, O.M. Caicedo. Machine Learning for Cognitive Network Management. IEEE Communications Magazine, Network and Service Management Series. IEEE Press. Vol. 56(1), pp. 158-165, January 2018.