Title :
Detecting New Decentralized Botnet Based on Kalman Filter and Multi-chart CUSUM Amplification
Author :
Kang, Jian ; Song, Yuan-Zhang
Author_Institution :
Dept. of Comput. Sci. & Technol., Jilin Univ., Changchun, China
Abstract :
Nowadays new decentralized botnets pose a great threat to the Internet. They have evolved new features, such as a decentralized architecture and the use of P2P networks, which make traditional detection methods no longer effective or accurate enough to indicate the existence of bots. Thus, in this paper, based on several characteristic properties of the new P2P botnets, we propose a novel real-time detection model, KCFM (Kalman filter and Multi-chart CUSUM Fused Model), which uses the discrete Kalman filter to find traffic anomalies, while the Multi-chart CUSUM acts as an amplifier to make the abnormality clearer. The experiments show that our approach can successfully detect new decentralized botnets with relatively high precision.
Keywords :
Kalman filters; amplification; control charts; peer-to-peer computing; real-time systems; security of data; software agents; Internet; P2P botnet characteristic; decentralized architecture; decentralized botnet; discrete Kalman filter; multichart CUSUM fused amplification; real-time detecting model; Computer networks; Computer science; Computer security; IP networks; Internet; Monitoring; Network servers; Storms; Web server; Wireless communication; Multi-chart CUSUM; decentralized botnet; discrete Kalman filter; peer to peer;
Conference_Title :
Networks Security Wireless Communications and Trusted Computing (NSWCTC), 2010 Second International Conference on
Conference_Location :
Wuhan, Hubei
Print_ISBN :
978-0-7695-4011-5
Electronic_ISBN :
978-1-4244-6598-9
DOI :
10.1109/NSWCTC.2010.10