2019
DOI: 10.48550/arxiv.1908.03443
|View full text |Cite
Preprint
|
Sign up to set email alerts
|

Tracking Temporal Evolution of Network Activity for Botnet Detection

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

0
12
0

Year Published

2020
2020
2023
2023

Publication Types

Select...
4
2

Relationship

0
6

Authors

Journals

citations
Cited by 6 publications
(12 citation statements)
references
References 0 publications
0
12
0
Order By: Relevance
“…RNN is well-known for capturing sequential characteristics of network traffic data. For example, Sinha et al [14] proposed a supervised approach to detect botnet hosts by tracking the network activities over time and extract graph-based features from NetFlow data for botnet detection. However, their technique only extracted features for each host IP address separately.…”
Section: B Botnet Detection Methodology Using MLmentioning
confidence: 99%
See 3 more Smart Citations
“…RNN is well-known for capturing sequential characteristics of network traffic data. For example, Sinha et al [14] proposed a supervised approach to detect botnet hosts by tracking the network activities over time and extract graph-based features from NetFlow data for botnet detection. However, their technique only extracted features for each host IP address separately.…”
Section: B Botnet Detection Methodology Using MLmentioning
confidence: 99%
“…One of the critical limitations is that these algorithms did not pay much attention to sequential patterns within network data, even though botnet traffic shows repeated patterns due to the nature of the pre-programmed activities [13]. There are studies considered sequential characteristics by the same source IP addresses, which may not be generalized to other IP addresses [14], [15]. In addition, existing studies only consider specific types of network activities, such as IRC, P2P, and HTTP traffic, while active botnets are utilizing a combination of different protocols [14]- [17].…”
Section: Introductionmentioning
confidence: 99%
See 2 more Smart Citations
“…In [28], the authors used a sequence of graphs to model the time evolution of the network traffic, in which nodes are the hosts (in the form of IP addresses) of the network, and edges are the packets exchanged by hosts. After generating these graphs, time series are extracted from each node by computing a set of graph-based features (e.g., in/out-degree, or in/out-neighbors).…”
Section: Automatic Extraction Of Featuresmentioning
confidence: 99%