Fuzzy Based Bot Detection Essay

884 words - 4 pages

We propose a generic bot detection system for an endpoint host. It classifies the destinations contacted by the host as benign or malicious by looking only at the traffic the host generates. The system is based on the assumption that user activity on an endpoint host takes place at random times, and hence the traffic generated by user activity, which we call user-induced traffic, shows random behavior. Bot C&C traffic, on the other hand, is programmed at the time the bot is coded or configured and is expected to show regular behavior. This difference in behavior is captured using three features extracted from traffic: the time gap between flows to a destination, the number of packets in flows to a destination, and the number of bytes in flows to a destination. A flow is a set of packets that share the same Flow ID (Source IP, Source Port, Destination IP, Destination Port, Protocol). The entropy of each feature is used to model the behavior of both bot and user-induced traffic. We do an initial characterization of both classes of traffic and derive a set of fuzzy rules to describe their behavior. Fuzziness is introduced so that the difference in traffic behavior can be described in terms of natural language. The following sections describe the system in detail.
Traffic Characterization
From a review of the literature, we found only a few works [34-38] that analyse bot behavior. We understand from these works that the only invariant in bot behavior is its communication with the C&C server. Hence the C&C channel is the weak link of the bot through which we can detect its presence. From the bot analysis works we were able to conclude that bots communicate periodically with their masters to get commands, report status, post stolen information and so on. Hence we observe and characterize both bot and user-induced traffic in order to infer how they can be differentiated.
The characterization of user-induced traffic is based on data collected from an untainted Windows XP host over 42 days. Data is collected from 10 distinct users. Microsoft Network Monitor 3.4 is used for data capture. A web user session is found to last 15 minutes or less [24]. Hence we choose the timeslot for traffic characterization to be slightly larger, 30 minutes in duration. A sliding window is maintained over the timeslots, with the window sliding 10 minutes at a time. We also define the term Flow Set, which is the set of flows to the same destination in a given time period. In the context of traffic characterization, we have chosen the time period to be a...
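The following is an added worked example, not code from the essay, showing how the three features described above (inter-flow time gap, packets per flow, bytes per flow) can be turned into per-destination entropies over 30-minute windows that slide by 10 minutes, and how a small fuzzy rule base can map those entropies to a bot/user verdict. The flows, the quantisation widths (`BIN`), the minimum flow count (`MIN_FLOWS`), the membership functions and the two rules are all assumptions made for illustration; the essay's own rule base and thresholds are not reproduced on this page. Flow Sets are keyed on destination IP here, which is one reading of "the same destination".

```python
"""Added example (not the essay's code): entropy-of-features bot/user
classification over sliding windows of flows, with hypothetical fuzzy rules."""
import math
from collections import Counter, defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    start: float      # seconds from capture start
    src_ip: str
    src_port: int
    dst_ip: str       # Flow ID = (src_ip, src_port, dst_ip, dst_port, proto)
    dst_port: int
    proto: str
    packets: int
    nbytes: int


# Constructed sample flows (not captured data). One destination is contacted
# every 300 s with identical sizes (a bot-like C&C beacon); the other at
# irregular times with varying sizes (user-like browsing).
SAMPLE_FLOWS = [
    Flow(t, "192.0.2.10", 49152 + i, "198.51.100.7", 443, "TCP", 4, 312)
    for i, t in enumerate([0, 300, 600, 900, 1200, 1500])
] + [
    Flow(t, "192.0.2.10", 50000 + i, "203.0.113.20", 80, "TCP", p, b)
    for i, (t, p, b) in enumerate(zip(
        [12, 47, 190, 401, 777, 1111, 1440],
        [9, 23, 15, 48, 6, 31, 17],
        [1200, 5400, 2100, 9800, 800, 6100, 3300]))
]

WINDOW_LEN = 1800   # 30-minute timeslot (from the essay)
STEP = 600          # window slides 10 minutes at a time (from the essay)
MIN_FLOWS = 3       # assumed: fewer flows give no usable entropy estimate
BIN = {"gap": 30.0, "packets": 5.0, "bytes": 500.0}  # assumed quantisation widths


def window_starts(flows, step=STEP):
    """Start times of the sliding windows covering the capture."""
    last = max(f.start for f in flows)
    return list(range(0, int(last) + 1, step))


def flow_sets(flows, start, window_len=WINDOW_LEN):
    """Flow Set: flows to the same destination within [start, start+window_len)."""
    sets = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.start):
        if start <= f.start < start + window_len:
            sets[f.dst_ip].append(f)
    return sets


def normalized_entropy(values, bin_width):
    """Shannon entropy of the binned values, scaled to [0, 1] by log2(n).
    Identical values give 0 (perfectly regular); all-distinct values give 1."""
    n = len(values)
    if n < 2:
        return 0.0
    counts = Counter(math.floor(v / bin_width) for v in values)
    h = -sum(c / n * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)


def features(flow_set):
    """Entropy of the three per-destination features for one Flow Set."""
    starts = [f.start for f in flow_set]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    return {
        "gap": normalized_entropy(gaps, BIN["gap"]),
        "packets": normalized_entropy([f.packets for f in flow_set], BIN["packets"]),
        "bytes": normalized_entropy([f.nbytes for f in flow_set], BIN["bytes"]),
    }


def mu_low(x):
    """Membership of a normalized entropy in the fuzzy set LOW (regular)."""
    return 1.0 if x <= 0.2 else 0.0 if x >= 0.6 else (0.6 - x) / 0.4


def mu_high(x):
    """Membership of a normalized entropy in the fuzzy set HIGH (random)."""
    return 0.0 if x <= 0.4 else 1.0 if x >= 0.8 else (x - 0.4) / 0.4


def fuzzy_verdict(ent):
    """Hypothetical rule base (the essay's actual rules are not on the page):
    R1: gap LOW and packets LOW and bytes LOW -> bot   (AND realised as min)
    R2: gap HIGH or packets HIGH or bytes HIGH -> user (OR realised as max)"""
    bot = min(mu_low(v) for v in ent.values())
    user = max(mu_high(v) for v in ent.values())
    return bot, user, "bot" if bot > user else "user"


def classify_window(flows, start, window_len=WINDOW_LEN, min_flows=MIN_FLOWS):
    """Classify every destination seen in one window; too few flows -> no verdict."""
    out = {}
    for dst, fs in flow_sets(flows, start, window_len).items():
        if len(fs) < min_flows:
            out[dst] = {"flows": len(fs), "verdict": "insufficient"}
            continue
        ent = features(fs)
        bot, user, verdict = fuzzy_verdict(ent)
        out[dst] = {"flows": len(fs), "entropy": ent,
                    "bot": bot, "user": user, "verdict": verdict}
    return out


def classify_capture(flows, window_len=WINDOW_LEN, step=STEP):
    """Run the classifier over every sliding window of the capture."""
    return {s: classify_window(flows, s, window_len) for s in window_starts(flows, step)}


if __name__ == "__main__":
    for s, res in classify_capture(SAMPLE_FLOWS).items():
        for dst, r in res.items():
            print(f"window {s:5d}s  {dst:14s} flows={r['flows']} verdict={r['verdict']}")
```

Two practical points the essay's description leaves open are visible here: an entropy computed from one or two flows carries no information, so a window with fewer flows than `MIN_FLOWS` gets no verdict rather than a spurious "bot"; and the bin widths decide what counts as "the same" gap or size, so a beacon with deliberate jitter larger than `BIN["gap"]` would start to look random and would need either wider bins or an additional feature to catch.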
