Mining Botnet Coordinated Attacks using Apriori-PrefixSpan Hybrid Algorithm

情報処理学会

この論文をさがす

説明

This paper aims to detect features of coordinated attacks by applying data mining techniques, namely Apriori with PrefixSpan, to the CCC DATAset 2008-2010, which comprises captured packet data and downloading logs. Data mining algorithms enable us to automate the detection of characteristics in large amounts of data, which conventional heuristics cannot deal with. Apriori achieves a high recall but with false positives, whereas PrefixSpan has high precision but low recall. We therefore propose a hybrid of these two algorithms. Our analysis shows a change in the behavior of malware over the past three years.------------------------------This is a preprint of an article intended for publication Journal ofInformation Processing(JIP). This preprint should not be cited. Thisarticle should be cited as: Journal of Information Processing Vol.21(2013) No.4 (online)DOI http://dx.doi.org/10.2197/ipsjjip.21.607------------------------------

This paper aims to detect features of coordinated attacks by applying data mining techniques, namely Apriori with PrefixSpan, to the CCC DATAset 2008-2010, which comprises captured packet data and downloading logs. Data mining algorithms enable us to automate the detection of characteristics in large amounts of data, which conventional heuristics cannot deal with. Apriori achieves a high recall but with false positives, whereas PrefixSpan has high precision but low recall. We therefore propose a hybrid of these two algorithms. Our analysis shows a change in the behavior of malware over the past three years.------------------------------This is a preprint of an article intended for publication Journal ofInformation Processing(JIP). This preprint should not be cited. Thisarticle should be cited as: Journal of Information Processing Vol.21(2013) No.4 (online)DOI http://dx.doi.org/10.2197/ipsjjip.21.607------------------------------

収録刊行物

キーワード

詳細情報 詳細情報について

  • CRID
    1050001337903306752
  • NII論文ID
    110009605625
  • NII書誌ID
    AN00116647
  • ISSN
    18827764
  • Web Site
    http://id.nii.ac.jp/1001/00095198/
  • 本文言語コード
    en
  • 資料種別
    journal article
  • データソース種別
    • IRDB
    • CiNii Articles

問題の指摘

ページトップへ