Botnet C&C Traffic and Flow Lifespans Using Survival Analysis

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F17%3APU123171" target="_blank" >RIV/00216305:26220/17:PU123171 - isvavai.cz</a>

Výsledek na webu

<a href="http://ijates.org/index.php/ijates/article/view/205/138" target="_blank" >http://ijates.org/index.php/ijates/article/view/205/138</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.11601/ijates.v6i1.205" target="_blank" >10.11601/ijates.v6i1.205</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Botnet C&C Traffic and Flow Lifespans Using Survival Analysis

Popis výsledku v původním jazyce

This paper addresses the issue of detecting unwanted traffic in data networks, namely the detection of botnet networks. In this paper, we focused on a time behavioral analysis, more specifically said – lifespans of a simulated botnet network traffic, collected and discovered from NetFlow messages, and also of real botnet communication of a malware. As a method we chose survival analysis and for rigorous testing of differences Mantel–Cox test. Lifespans of those referred traffics are discovered and calculated by lifelines using Python language. Based on our research we have figured out a possibility to distinguish the individual lifespans of C&C communications that are identical to each other by using survival projection curves, although it occurred in a different time course.

Název v anglickém jazyce

Botnet C&C Traffic and Flow Lifespans Using Survival Analysis

Popis výsledku anglicky

This paper addresses the issue of detecting unwanted traffic in data networks, namely the detection of botnet networks. In this paper, we focused on a time behavioral analysis, more specifically said – lifespans of a simulated botnet network traffic, collected and discovered from NetFlow messages, and also of real botnet communication of a malware. As a method we chose survival analysis and for rigorous testing of differences Mantel–Cox test. Lifespans of those referred traffics are discovered and calculated by lifelines using Python language. Based on our research we have figured out a possibility to distinguish the individual lifespans of C&C communications that are identical to each other by using survival projection curves, although it occurred in a different time course.

Druh

J_ost - Ostatní články v recenzovaných periodicích

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

<a href="/cs/project/LO1401" target="_blank" >LO1401: Interdisciplinární výzkum bezdrátových technologií</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2017

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název periodika

International Journal of Advances in Telecommunications, Electrotechnics, Signals and Systems

ISSN

1805-5443

e-ISSN

—

Svazek periodika

6

Číslo periodika v rámci svazku

1

Stát vydavatele periodika

CZ - Česká republika

Počet stran výsledku

7

Strana od-do

38-44

Kód UT WoS článku

—

EID výsledku v databázi Scopus

—