DocumentCode
3186682
Title
The improvement and research of the compromised machines detection algorithm
Author
Zhai Guangqun ; Zhuang Yan
Author_Institution
Dept. Sch. of Inf. Eng., Zhengzhou Univ., Zhengzhou, China
fYear
2011
fDate
8-10 Aug. 2011
Firstpage
3495
Lastpage
3499
Abstract
To detect compromised machines in a botnet, the TRW (Threshold Random Walk) algorithm was studied. The similarity of the inbound packet payloads and the time distance of the inbound-outbound packet pairs between the compromised machines are then evaluated and combined into an overall similarity, also called the similarity factor, which is substituted into the modified TRW algorithm. The experimental results proved that the modified algorithm could distinctly minimize the number of time windows, and also proved the feasibility, validity and accuracy of the algorithm for detecting compromised machines in a local area network.
Keywords
computer network security; invasive software; local area networks; random processes; TRW; botnet; compromised machine detection algorithm; inbound packets payload; inbound-outbound packets pair; local area network detection; similarity factor; threshold random walk algorithm; Detection algorithms; Equations; Local area networks; Mathematical model; Monitoring; Payloads; Time measurement; TRW algorithm; botnet; compromised machines; similarity;
fLanguage
English
Publisher
IEEE
Conference_Titel
Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC), 2011 2nd International Conference on
Conference_Location
Deng Leng
Print_ISBN
978-1-4577-0535-9
Type
conf
DOI
10.1109/AIMSEC.2011.6011268
Filename
6011268