Journal title: Bonfring International Journal of Data Mining
Print ISSN: 2250-107X
Electronic ISSN: 2277-5048
Publication year: 2017
Volume: 7
Issue: 2
Pages: 06-10
DOI: 10.9756/BIJDM.8331
Language: English
Publisher: Bonfring
Abstract: In the current computer era, spam, DDoS and phishing are familiar complications on the Internet. Once, attackers tended to make use of centralized high-bandwidth associations to achieve their tasks. Now that even home users have high-bandwidth internet connections, attackers have started infecting and using these home computers for their attacks. Attacking from distributed places, attackers are harder to catch or prevent and typically have more bandwidth to abuse. New schemes are required to sense the forming of these widespread networks of infected hosts, particularly now that it seems attackers have discovered peer-to-peer (P2P) technology. They develop new features like P2P Command and Control (C&C), which make conventional detection methods no longer efficient for indicating the existence of the bots. Here, a system is proposed that accurately and competently detects the existence of the Storm botnet. In this paper, based on a number of new P2P botnet characteristic properties, a novel real-time detection model, MSFM (Multi-Stream Fused Model), is proposed. MSFM considers the unique characteristics of multiple categories of packets and handles them with equivalent strategies. Experimental results demonstrate that this model can accurately detect botnets with comparatively low false-positive and false-negative rates.