Principal Component Analysis of Botnet Takeover
Abstract
A botnet is a network of compromised computers infected with malware that is controlled remotely via public communications media. Many attempts at botnet detection have been made, including heuristic analyses of traffic. In this study, we propose a new method for identifying independent botnets in the CCC Dataset 2009, the log of download servers observed by distributed honeypots, by applying the technique of Principal Component Analysis. Our main results include distinguishing four independent botnets when a year is divided into five phases.
- 2011-09-15
Authors
-
Masato Terada
Hitachi, Ltd. Hitachi Incident Response Team (HIRT)
-
Hiroaki Kikuchi
Tokai University
-
Shuji Matsuo
Tokai University
Related papers
- Principal Component Analysis of Port-scans for Reduction of Distributed Sensors
- Frequent Sequential Attack Patterns of Malware in Botnets
- Automated Port-scan Classification with Decision Tree and Distributed Sensors
- Estimation of Increase of Scanners Based on ISDAS Distributed Sensors
- Principal Component Analysis of Botnet Takeover
- Perfect Privacy-preserving Automated Trust Negotiation
- Mining Botnet Coordinated Attacks using Apriori-PrefixSpan Hybrid Algorithm (Preprint)