Botnet Behavior Detection using Network Synchronism
The result's identifiers
Result code in IS VaVaI
RIV/68407700:21230/11:00360842 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F11%3A00360842)
Result on the web
https://doi.org/10.4018/978-1-60960-836-1.ch005
DOI - Digital Object Identifier
10.4018/978-1-60960-836-1.ch005 (http://dx.doi.org/10.4018/978-1-60960-836-1.ch005)
Alternative languages
Result language
English
Original language name
Botnet Behavior Detection using Network Synchronism
Original language description
Botnets’ diversity and dynamism challenge detection and classification algorithms that depend heavily on static or protocol-dependent features. Several methods showing promising results were proposed using behavioral-based approaches. The authors conducted an analysis of botnets’ and bots’ most inherent characteristics such as synchronism and network load within specific time windows to detect them more efficiently. By not relying on any specific protocol, our proposed approach detects infected computers by clustering bots’ network behavioral characteristics using the Expectation-Maximization algorithm. An encouraging false positive error rate of 0.7% shows that bots’ traffic can be accurately separated by our approach by analyzing several bots and non-botnet network captures and applying a detailed analysis of error rates.
Czech name
—
Czech description
—
Classification
Type
C - Chapter in a specialist book
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
—
Continuities
I - Institutional support for the long-term conceptual development of a research organisation
Others
Publication year
2011
Confidentiality
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific for result type
Book/collection name
Privacy, Intrusion Detection and Response: Technologies for Protecting Networks
ISBN
9781609608361
Number of pages of the result
23
Pages from-to
1-23
Number of pages of the book
468
Publisher name
IGI Global
Place of publication
Hershey, Pennsylvania
UT code for WoS chapter
—