| Título: | Node-based Sampling P2P Bot Detection |
| Autores: |
Yin, Chunyong; Nanjing University of Information Science & Technology Sun, Ruxia; Nanjing University of Information Science & Technology Yang, Lei; Nanjing University of Information Science & Technology Iko, Darius; Nanjing University of Information Science & Technology |
| Fecha: | 2012-09-01 |
| Publicador: | TELKOMNIKA: Indonesian journal of electrical engineering |
| Fuente: |
 |
| Tipo: |
info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion |
| Tema: | No aplica |
| Descripción: | The concept of using node-based sampling for the treatment of packet capture mechanism based on Libpcap of network-based detecting Peer-to-Peer botnet process was tested, and its effect on the time window of feature extracting and sampling time interval was explored. Node-based sampling treatment resulted in significant increase in the detection performance due to node profile of the novel behaviors to the detected computer in Peer-to-Peer bot detection, and the degradation of false positive. At relatively right time window (e.g., about 180s), precision was completely maximized, while the false positive decreased by 10% to 15%. The detection rate can be significantly increased due to the false positive degradation. A new performance index called Comprehensive Evaluation Index is proposed for more clearly represent the effectiveness. Sampling can reduce morn than 60% input raw packet traces and achieve a high detection rate (about 99%) and a low false positive rates (0-2%). |
| Idioma: | Inglés |