A Combined Fusion and Data Mining Framework for the Detection of Botnets

Washington, DC (2009)

This paper describes a combined fusion and mining framework applied to the detection of stealthy botnets. The framework leverages a fusion engine that tracks hosts through the use of feature-based profiles generated from multiple network sensor types. These profiles are classified and correlated based on a set of known host profiles, e.g., web servers, mail servers, and bot behavioral characteristics. A mining engine discovers emergent threat profiles and delivers them to the fusion engine for processing. We describe the distributed nature of botnets and how they are created and managed. We then describe a combined fusion and mining model that builds on recent work in the cybersecurity domain. The framework we present employs an adaptive fusion system driven by a mining system focused on the discovery of new threats. We conclude with a discussion of experimental results, deployment issues, and a summary of our arguments.
fusion engine that tracks host, fusion engine, combined fusion, data mining framework, stealthy botnets, bot behavioral characteristic, emergent threat profile, host profile, cybersecurity domain, employs an adaptive fusion system, hyperplane, computer security, data engineering, terrorism, computer science, distributed databases, collaboration, data fusion, sensor fusion, application software, botnets, correlation, engines, data mining, probability density function