Detecting Botnet Traffic from a Single Host
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F14%3A00226434" target="_blank" >RIV/68407700:21230/14:00226434 - isvavai.cz</a>
Result on the web
<a href="http://www.igi-global.com/chapter/detecting-botnet-traffic-from-a-single-host/123544" target="_blank" >http://www.igi-global.com/chapter/detecting-botnet-traffic-from-a-single-host/123544</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.4018/978-1-4666-7381-6.ch019" target="_blank" >10.4018/978-1-4666-7381-6.ch019</a>
Alternative languages
Result language
angličtina
Original language name
Detecting Botnet Traffic from a Single Host
Original language description
The detection of bots and botnets in the network may be improved if the analysis is done on the traffic of one bot alone. While a botnet may be detected by correlating the behavior of several bots in a large amount of traffic, one bot alone can be detected by analyzing its unique trends in less traffic. The algorithms to differentiate the traffic of one bot from the normal traffic of one computer may take advantage of these differences. The authors propose to detect bots in the network by analyzing therelationships between flow features in a time window. The technique is based on the Expectation-Maximization clustering algorithm. To verify the method they designed test-beds and obtained a dataset of six different captures. The results are encouraging,showing a true positive error rate of 99.08% with a false positive error rate of 0.7%.
Czech name
—
Czech description
—
Classification
Type
O - Miscellaneous
CEP classification
JC - Computer hardware and software
OECD FORD branch
—
Result continuities
Project
—
Continuities
I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace
Others
Publication year
2014
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů