Foundations of statistical natural language processing
Compilers: Principles, Techniques, and Tools (2nd Edition)
Automatic discovery of botnet communities on large-scale communication networks
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Zero knowledge hidden Markov model inference
Pattern Recognition Letters
Behavior detection using confidence intervals of hidden Markov models
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Botnet traffic detection using hidden Markov models
Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research
Network-based approach to online cursive script recognition
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Modular fuzzy-neuro controller driven by spoken language commands
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Timing analysis in P2P botnet traffic using probabilistic context-free grammars
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
Botnets are a major source of spam, distributed denial-of-service (DDoS) attacks and other cybercrime [21]. Compromised computers are usually controlled by a centralized Command and Control (C&C) server. Hidden Markov models (HMMs) have been used successfully to detect centralized botnet traffic, such as that of the Zeus botnet [9], one of the largest botnets in the wild. To avoid the disadvantages of centralized structures, hierarchical botnets now use P2P techniques. In this work, we apply our HMM approach for centralized botnet detection to hierarchical botnet traffic, using traffic timing data. We attempted to infer hidden Markov models from botnet traffic timings; however, the inferred model is not statistically significant. Usually this is solved by using larger data sets. Oddly, when we infer models with additional data, the amount of data required for model confidence keeps increasing. Using the approximate HMM for detection, we cannot detect hierarchical botnet traffic as accurately as we can centralized botnet traffic. Reasons for this and possible solutions are discussed.
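The following is an added illustration and not code from the paper. It stands in a first-order Markov chain over quantized inter-packet timings for the paper's HMM inference (an assumption made to keep the block self-contained), uses constructed beacon and background timings rather than captured traffic, and applies a common chi-square rule of thumb (expected count of at least 5 per observed transition) as the "model confidence" criterion. The bin edges, jitter values and threshold are assumptions. It shows the effect the abstract describes: every newly observed rare transition raises the number of samples needed before the estimated model can be trusted.

```python
"""
Added example (not the paper's code): infer a Markov model of inter-packet
timings, check whether the data suffices to trust it, and score flows.
All timings below are constructed; no real captures are used.
"""
import math
import random

# Assumed bin edges in seconds for quantizing inter-arrival times.
EDGES = (1.0, 10.0, 30.0, 60.0, 120.0)
N_SYMBOLS = len(EDGES) + 1


def beacon_timings(n, period=60.0, jitter=2.0, seed=1):
    """Constructed C&C-style beacon: near-constant interval with small jitter."""
    rnd = random.Random(seed)
    return [max(0.0, rnd.gauss(period, jitter)) for _ in range(n)]


def background_timings(n, mean=30.0, seed=2):
    """Constructed benign-looking traffic: memoryless (exponential) gaps."""
    rnd = random.Random(seed)
    return [rnd.expovariate(1.0 / mean) for _ in range(n)]


def quantize(timings, edges=EDGES):
    """Map each inter-arrival time to the index of the bin it falls in."""
    symbols = []
    for t in timings:
        s = 0
        while s < len(edges) and t >= edges[s]:
            s += 1
        symbols.append(s)
    return symbols


def infer_markov(symbols, n_symbols=N_SYMBOLS):
    """Transition counts plus Laplace-smoothed transition probabilities."""
    counts = [[0] * n_symbols for _ in range(n_symbols)]
    for a, b in zip(symbols, symbols[1:]):
        counts[a][b] += 1
    probs = []
    for row in counts:
        total = sum(row)
        probs.append([(c + 1) / (total + n_symbols) for c in row])
    return counts, probs


def required_samples(counts, min_expected=5):
    """Rule-of-thumb sample size (assumption): every observed transition
    should have an expected count of at least `min_expected` before a
    chi-square style confidence test is meaningful. The rarest observed
    transition sets the requirement, so each rare transition revealed by
    extra data pushes the requirement up instead of satisfying it."""
    total = sum(sum(row) for row in counts)
    if total == 0:
        return min_expected
    rarest = min(c for row in counts for c in row if c > 0)
    return math.ceil(min_expected * total / rarest)


def per_step_log_likelihood(symbols, probs):
    """Average log-probability of each observed transition under the model."""
    steps = list(zip(symbols, symbols[1:]))
    if not steps:
        return float("-inf")
    return sum(math.log(probs[a][b]) for a, b in steps) / len(steps)


def is_beacon_like(timings, probs, threshold):
    """Flag a flow whose timing sequence fits the beacon model well enough."""
    return per_step_log_likelihood(quantize(timings), probs) >= threshold


def demo():
    """Train on constructed beacon timings, then score held-out flows."""
    train = quantize(beacon_timings(200))
    counts, probs = infer_markov(train)
    ll_beacon = per_step_log_likelihood(quantize(beacon_timings(100, seed=3)), probs)
    ll_bg = per_step_log_likelihood(quantize(background_timings(100)), probs)
    return {
        "observed_transitions": sum(sum(r) for r in counts),
        "required_samples": required_samples(counts),
        "ll_beacon": ll_beacon,
        "ll_background": ll_bg,
        "beacon_flagged": ll_beacon >= -1.5,  # threshold is an assumption
        "background_flagged": ll_bg >= -1.5,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Compare `required_samples` on two count matrices that differ by a single rare transition: the one extra observation multiplies the requirement, which is the shape of the problem the abstract reports when the inferred model keeps demanding more data.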