FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W643586871> ?p ?o ?g. }

• W643586871 abstract "When a bot master uses a control and commander (C&C) mechanism to assemble a large number of bots, infecting them by using well known vulnerabilities, it forms a botnet. Botnets can vary in C&C architecture (Centralized C&C or P2P are the most common), communication protocols used (IRC, HTTP or others like P2P) and observable botnet activities. They are nowadays one of the largest threats on cyber security and it is very important to specify the different characteristics of botnets in order to detect them, the same way a hunter needs to know its prey before preparing methods to catch it. There are 2 important places to look for botnet activity: The network and the infected host.This project intends to present a study that correlates the behavior on the network with the behavior on the host in order to help detection, studies like [SLWL07] (based on network behavior) and [SM07] (based on host behavior) are two good start points to help on the research. The choice of the architecture was done by looking at the botnet characteristics especially the capacity of changing and evolving which makes methods for detection by misuse obsolete. The system is designed to first look at 4 features of system calls on the host side: First which system call it is, second the name of the application using the system call, third the time between this system call and the last system call and for last the sequence of the past three system calls. A technique of unsupervised learning (the K-means algorithm) will be used to calculate the values for the threshold using an unclassified training set. when on the real world the collection is used to calculate the values to compare with the threshold. If it passes the threshold than the necessary information is passed to the network evaluation block. On the network side and before receiving any data from the host side, it will calculate the threshold for the flows given on the training set. When using the data from the host to narrow down the number of flows to look at, it very if their values pass the threshold. The feature used to calculate the threshold is the time between flows. If the network finds flows that pass the threshold for the network evaluation block than it will emit reports and alarms to the user.The small experiences done show some promising signs for use on the real world even though a lot more further testing is needed especially on the network bit. The prototype shows some limitations that can be overcome by further testing and using other techniques to evolve the prototype." @default.
• W643586871 created "2016-06-24" @default.
• W643586871 creator A5022991627 @default.
• W643586871 date "2012-01-01" @default.
• W643586871 modified "2023-09-27" @default.
• W643586871 title "Botnet Detection by Correlation Analysis" @default.
• W643586871 cites W1499648394 @default.
• W643586871 cites W1550514379 @default.
• W643586871 cites W1551705282 @default.
• W643586871 cites W1583098994 @default.
• W643586871 cites W1583975142 @default.
• W643586871 cites W1671156703 @default.
• W643586871 cites W1775772884 @default.
• W643586871 cites W1809063480 @default.
• W643586871 cites W1909494783 @default.
• W643586871 cites W2012095206 @default.
• W643586871 cites W2021308105 @default.
• W643586871 cites W2066553416 @default.
• W643586871 cites W2102262986 @default.
• W643586871 cites W2104209065 @default.
• W643586871 cites W2128217000 @default.
• W643586871 cites W2131970275 @default.
• W643586871 cites W2138546208 @default.
• W643586871 cites W2150847526 @default.
• W643586871 cites W2161160262 @default.
• W643586871 cites W2479092613 @default.
• W643586871 hasPublicationYear "2012" @default.
• W643586871 type Work @default.
• W643586871 sameAs 643586871 @default.
• W643586871 citedByCount "0" @default.
• W643586871 crossrefType "journal-article" @default.
• W643586871 hasAuthorship W643586871A5022991627 @default.
• W643586871 hasConcept C10138342 @default.
• W643586871 hasConcept C110875604 @default.
• W643586871 hasConcept C116834253 @default.
• W643586871 hasConcept C126831891 @default.
• W643586871 hasConcept C136764020 @default.
• W643586871 hasConcept C144133560 @default.
• W643586871 hasConcept C182306322 @default.
• W643586871 hasConcept C182590292 @default.
• W643586871 hasConcept C18903297 @default.
• W643586871 hasConcept C22735295 @default.
• W643586871 hasConcept C38652104 @default.
• W643586871 hasConcept C41008148 @default.
• W643586871 hasConcept C59822182 @default.
• W643586871 hasConcept C86803240 @default.
• W643586871 hasConceptScore W643586871C10138342 @default.
• W643586871 hasConceptScore W643586871C110875604 @default.
• W643586871 hasConceptScore W643586871C116834253 @default.
• W643586871 hasConceptScore W643586871C126831891 @default.
• W643586871 hasConceptScore W643586871C136764020 @default.
• W643586871 hasConceptScore W643586871C144133560 @default.
• W643586871 hasConceptScore W643586871C182306322 @default.
• W643586871 hasConceptScore W643586871C182590292 @default.
• W643586871 hasConceptScore W643586871C18903297 @default.
• W643586871 hasConceptScore W643586871C22735295 @default.
• W643586871 hasConceptScore W643586871C38652104 @default.
• W643586871 hasConceptScore W643586871C41008148 @default.
• W643586871 hasConceptScore W643586871C59822182 @default.
• W643586871 hasConceptScore W643586871C86803240 @default.
• W643586871 hasLocation W6435868711 @default.
• W643586871 hasOpenAccess W643586871 @default.
• W643586871 hasPrimaryLocation W6435868711 @default.
• W643586871 hasRelatedWork W1503420225 @default.
• W643586871 hasRelatedWork W154449179 @default.
• W643586871 hasRelatedWork W1997413652 @default.
• W643586871 hasRelatedWork W1999952442 @default.
• W643586871 hasRelatedWork W2001284123 @default.
• W643586871 hasRelatedWork W2114237760 @default.
• W643586871 hasRelatedWork W2152045673 @default.
• W643586871 hasRelatedWork W2340840883 @default.
• W643586871 hasRelatedWork W2370355597 @default.
• W643586871 hasRelatedWork W2518572975 @default.
• W643586871 hasRelatedWork W2585575911 @default.
• W643586871 hasRelatedWork W2610250595 @default.
• W643586871 hasRelatedWork W2802962700 @default.
• W643586871 hasRelatedWork W2988791307 @default.
• W643586871 hasRelatedWork W3044499662 @default.
• W643586871 hasRelatedWork W52092224 @default.
• W643586871 hasRelatedWork W59869539 @default.
• W643586871 hasRelatedWork W202234841 @default.
• W643586871 hasRelatedWork W2100011431 @default.
• W643586871 hasRelatedWork W2143174487 @default.
• W643586871 isParatext "false" @default.
• W643586871 isRetracted "false" @default.
• W643586871 magId "643586871" @default.
• W643586871 workType "article" @default.