An empirical comparison of botnet detection methods

Authors: S. García, M. Grill, J. Stiborek, A. Zunino

DOI: 10.1016/J.COSE.2014.05.011

Keywords:

Abstract: The results of botnet detection methods are usually presented without any comparison. Although it is generally accepted that more comparisons with third-party methods may help to improve the area, few papers could do it. Among the factors that prevent a comparison are the difficulties of sharing a dataset, the lack of a good dataset, the absence of a proper description of the methods, and the lack of a comparison methodology. This paper compares the output of three different botnet detection methods by executing them over a new, real, labeled and large dataset. The dataset includes botnet, normal and background traffic. Our two methods (BClus and CAMNEP) and BotHunter were compared using a methodology and a novel error metric designed for botnet detection methods. We conclude that comparing methods indeed helps to better estimate how good they are, to improve the algorithms, and to build better datasets.
