Detecting New Decentralized Botnet Based on Kalman Filter and Multi-chart CUSUM Amplification

  • Authors:
  • Jian Kang;Yuan-Zhang Song

  • Venue:
  • NSWCTC '10 Proceedings of the 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing - Volume 01
  • Year:
  • 2010

Abstract

Nowadays, new decentralized botnets pose a great threat to the Internet. They have evolved new features, such as a decentralized architecture, the use of P2P networks, and so on, which make traditional detection methods no longer effective or accurate enough to indicate the existence of bots. Thus, in this paper, based on several characteristic properties of the new P2P botnets, we propose a novel real-time detection model, KCFM (Kalman filter and Multi-chart CUSUM Fused Model), which uses the discrete Kalman filter to find traffic anomalies, with Multi-chart CUSUM acting as an amplifier to make the abnormality clearer. The experiments show that our approach can successfully detect new decentralized botnets with relatively high precision.