Adaptive pattern mining model for early detection of botnet-propagation scale
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Kim, Do Hoon | - |
dc.contributor.author | Lee, Taek | - |
dc.contributor.author | Kang, Jaewoo | - |
dc.contributor.author | Jeong, Hyunchoel | - |
dc.contributor.author | In, Hoh Peter | - |
dc.date.accessioned | 2021-09-06T16:59:59Z | - |
dc.date.available | 2021-09-06T16:59:59Z | - |
dc.date.created | 2021-06-18 | - |
dc.date.issued | 2012-08 | - |
dc.identifier.issn | 1939-0114 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/107747 | - |
dc.description.abstract | Botnets are a disastrous threat because they execute malicious activities such as distributed denial-of-service, spam email, malware downloads (such as egg downloads), and spying by exploiting zombie PCs under their control. Botnets infect PCs on a huge scale by initially scanning the service ports of vulnerable applications for the purpose of propagation, which is leveraged as the size of the botnet increases. Therefore, it is of crucial importance to detect botnet-propagation activities early and to determine the expected size of the attack. To address this issue, this paper proposes to recreate botnets' port-scanning patterns using a simple text classifier that represents these patterns as a kind of matrix. The patterns obtained are then used to train a hidden Markov model and to perform early detection using the trained model. Early detection is achievable by catching the onset of suspicious propagation immediately, and a size estimate is obtained by monitoring fluctuations in botnet size. With this approach, early-detection rates increased to more than 30.6% on average, with a low false negative rate (less than 6%) and an F-measure greater than 96%. This significant improvement in performance will contribute to preventing botnet propagation in its earliest stages. Copyright (C) 2011 John Wiley & Sons, Ltd. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | WILEY-HINDAWI | - |
dc.title | Adaptive pattern mining model for early detection of botnet-propagation scale | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Kang, Jaewoo | - |
dc.contributor.affiliatedAuthor | In, Hoh Peter | - |
dc.identifier.doi | 10.1002/sec.366 | - |
dc.identifier.scopusid | 2-s2.0-84864302780 | - |
dc.identifier.wosid | 000306900500008 | - |
dc.identifier.bibliographicCitation | SECURITY AND COMMUNICATION NETWORKS, v.5, no.8, pp.917 - 927 | - |
dc.relation.isPartOf | SECURITY AND COMMUNICATION NETWORKS | - |
dc.citation.title | SECURITY AND COMMUNICATION NETWORKS | - |
dc.citation.volume | 5 | - |
dc.citation.number | 8 | - |
dc.citation.startPage | 917 | - |
dc.citation.endPage | 927 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Telecommunications | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Telecommunications | - |
dc.subject.keywordAuthor | botnet propagation | - |
dc.subject.keywordAuthor | early detection | - |
dc.subject.keywordAuthor | port scanning | - |
dc.subject.keywordAuthor | hidden Markov model | - |
dc.subject.keywordAuthor | simple text classifiers | - |