Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
Adaptive pattern mining model for early detection of botnet-propagation scale
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Kim, Do Hoon | - |
| dc.contributor.author | Lee, Taek | - |
| dc.contributor.author | Kang, Jaewoo | - |
| dc.contributor.author | Jeong, Hyunchoel | - |
| dc.contributor.author | In, Hoh Peter | - |
| dc.date.accessioned | 2021-09-06T16:59:59Z | - |
| dc.date.available | 2021-09-06T16:59:59Z | - |
| dc.date.created | 2021-06-18 | - |
| dc.date.issued | 2012-08 | - |
| dc.identifier.issn | 1939-0114 | - |
| dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/107747 | - |
| dc.description.abstract | Botnets are a disastrous threat because they execute malicious activities such as distributed denial-of-service, spam email, malware downloads (such as eggdownloads), and spying by exploiting zombie PCs under their control. Botnets infect PCs on a huge scale by initially scanning the service ports of vulnerable applications for the purpose of propagation, which is leveraged as the size of the botnet increases. Therefore, it is of crucial importance to detect botnet-propagation activities early and to determine the expectedsize of the attack. To address this issue, this paper proposes to recreate botnets' port-scanning patterns using a simple text classifier that represents these patterns as a kind of matrix. The patterns obtained are then used to train a hidden Markov model and to perform early detection using the trained model. Early detection is achievable by catching the onset of suspicious propagation immediately, and a size estimate is obtained by monitoring fluctuations in botnet size. With this approach, early-detection rates increased to more than 30.6% on average, with a low false negative rate (less than 6%) and an F-measure greater than 96%. This significant improvement in performance will contribute to preventing botnet propagation in its earliest stages. Copyright (C) 2011 John Wiley & Sons, Ltd. | - |
| dc.language | English | - |
| dc.language.iso | en | - |
| dc.publisher | WILEY-HINDAWI | - |
| dc.title | Adaptive pattern mining model for early detection of botnet-propagation scale | - |
| dc.type | Article | - |
| dc.contributor.affiliatedAuthor | Kang, Jaewoo | - |
| dc.contributor.affiliatedAuthor | In, Hoh Peter | - |
| dc.identifier.doi | 10.1002/sec.366 | - |
| dc.identifier.scopusid | 2-s2.0-84864302780 | - |
| dc.identifier.wosid | 000306900500008 | - |
| dc.identifier.bibliographicCitation | SECURITY AND COMMUNICATION NETWORKS, v.5, no.8, pp.917 - 927 | - |
| dc.relation.isPartOf | SECURITY AND COMMUNICATION NETWORKS | - |
| dc.citation.title | SECURITY AND COMMUNICATION NETWORKS | - |
| dc.citation.volume | 5 | - |
| dc.citation.number | 8 | - |
| dc.citation.startPage | 917 | - |
| dc.citation.endPage | 927 | - |
| dc.type.rims | ART | - |
| dc.type.docType | Article | - |
| dc.description.journalClass | 1 | - |
| dc.description.journalRegisteredClass | scie | - |
| dc.description.journalRegisteredClass | scopus | - |
| dc.relation.journalResearchArea | Computer Science | - |
| dc.relation.journalResearchArea | Telecommunications | - |
| dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
| dc.relation.journalWebOfScienceCategory | Telecommunications | - |
| dc.subject.keywordAuthor | botnet propagation | - |
| dc.subject.keywordAuthor | early detection | - |
| dc.subject.keywordAuthor | port scanning | - |
| dc.subject.keywordAuthor | hidden Markov model | - |
| dc.subject.keywordAuthor | simple text classifiers | - |
- Files in This Item
- There are no files associated with this item.
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.