Clustering botnet behavior using parameterized models

Authors: Yinglian Xie, Fang Yu, Kannan Achan

DOI:

Keywords: Similarity (network science); Property (programming); Email spam; Identification (information); Set (abstract data type); Host (network); Cluster analysis; Computer science; Computer security; Botnet; Data mining

Abstract: Identification and prevention of email spam that originates from botnets may be performed by finding similarity in their host property behavior patterns using a set labeled data. Clustering models properties pertaining to previously identified appropriately tagged botnet hosts learned. Given data, each examined individually clustering model learned reflect upon selected properties. Once has been for every botnet, used look fit into profile. Such traffic can either discarded or subsequent analysis also profile preventing them launching other attacks. In addition, individual further clustered form superclusters, which help understand detect future

References (25)
Michael Collins, Timothy J. Shimeall, Sidney Faber, Jeff Janies, Rhiannon Weaver, Markus De Shon. Predicting future botnet addresses with uncleanliness. Defense Technical Information Center (2007). 10.21236/ADA633445
Jelena Mirkovic, Songjie Wei, Ezra Kissel. Profiling and Clustering Internet Hosts. DMIN, pp. 269-275 (2006).
Farnam Jahanian, Danny McPherson, Evan Cooke. The Zombie roundup: understanding, detecting, and disrupting botnets. conference on steps to reducing unwanted traffic on internet, pp. 6-6 (2005).
Cyril Goutte, Pierre Isabelle, Stephen Kruger, Eric Gaussier. Adaptive spam message detector (2004).
David Cowings, Art Medlar, David Hoogstrate, Ken Schneider, Sandy Jensen. System and method for filtering spam messages utilizing URL filtering module (2004).