Collaborative Framework for Early Detection of RAT-Bots Attacks

Abstract

Read online

Attackers tend to use Remote Access Trojans (RATs) to compromise and control a targeted computer, which makes the RAT detection as an active research field. This paper introduces a machine learning-based framework for detecting compromised hosts and networks that are infected by the RAT-Bots. The proposed framework consists of two agents that are integrated to achieve reliable early detection of the RAT-bots. The first agent, the host agent, is responsible for monitoring the system behavior of the running host and raising an alarm for any anomalies. The second agent, the network agent, monitors the network traffic to extract any malicious patterns. The integrated approach improves both the detection ratio and accuracy. However, each approach cannot separately achieve the same performance as the proposed RAT-Bots detection framework. The performance of the introduced framework is evaluated by using real-world benchmark datasets. The experimental results show that the proposed approach can achieve an accuracy of 98.83% with 1.45% false positive rate.

Keywords

• Bots
• botnets
• host-based detection
• network-based detection
• machine learning algorithms
• rootkit behavior