RESEARCH OF THE COMBINED BOTNET DETECTION METHOD BASED ON RANDOM SUBSPACE
Botnets are currently one of the most serious threats to Internet security. They not only cause losses to individual users, but also endanger the interests of enterprises and pose threats to national security. This paper proposes a combined botnet detection method based on the Random Subspace classification algorithm (CD-RS). The first level is periodic detection (PD), which uses sequential hypothesis testing to detect botnets. It has a lower false negative rate but a higher false positive rate. The second level is flow statistical characteristic detection (FSCD), which compensates for the deficiencies of the first-stage detection. The Random Subspace classification algorithm (RSCA) is used to construct the decision tree model, which then further detects botnets based on the statistical characteristics of flows. On this basis, the paper further discusses the selection of the characteristic attribute set. Experimental results show that Random Subspace classification achieves the best detection results when using the characteristic attribute set selected by RandomSearch and ClassifierSubsetEval, compared to other selection methods.
botnet; anomaly detection; periodic detection; statistical flow characteristics; Random Subspace
Nan Lu, Xinliang Wang, Fang Liu, Wenli Zhou
School of Information and Communication Engineering, Beijing University of Posts and Telecommunications, Beijing 100876, China
International conference
Shenzhen
English
615-619
2011-10-28 (date first made available online on the Wanfang platform; does not represent the paper's publication date)