P2P botnet detection using behavior clustering & statistical tests
Proceedings of the 2nd ACM workshop on Security and artificial intelligence
| Hi-index | 0.00 |
Node behavior profiling is a promising tool for many aspects in network security. In our research, our goal is to couple node behavior profiles with statistical tests with a focus on enterprise security. Limited work has been done in the literature. In this paper, we first propose a correlation based node behavior profiling approach to study node behaviors in enterprise network environments. We then propose formal statistical test on the most common behavior profiles which is able to detect worm propagation. In our initial studies, we evaluate our profiling and detection schemes using real enterprise data (LBNL traces). The results show that the correlation based node behavior profiling approach can capture normal behaviors of different types. Consequently, the behavior profiles are promising for anomaly detection when coupled with statistical methods.