DocumentCode
1683990
Title
Apriori-PrefixSpan Hybrid Approach for Automated Detection of Botnet Coordinated Attacks
Author
Ohrui, Masayuki ; Kikuchi, Hiroaki ; Terada, Masato ; Rosyid, Nur Rohman
Author_Institution
Dept. of Inf. Sci. & Eng., Tokai Univ., Hiratsuka, Japan
fYear
2011
Firstpage
92
Lastpage
97
Abstract
This paper aims to detect features of coordinated attacks by applying two data mining techniques, Apriori and PrefixSpan, to the CCC DATA set 2008-2010, which consists of captured packet data and downloading logs. Data mining algorithms allow us to automate the detection of characteristics in large amounts of data, to which conventional heuristics could not be applied. Apriori achieves high recall but with false positives, while PrefixSpan has high precision but low recall. Hence, we propose a hybrid of these algorithms. Our analysis shows the change in behavior of malware over the past 3 years.
Keywords
data mining; invasive software; Apriori-PrefixSpan hybrid approach; CCC DATA set; automated detection; botnet coordinated attacks; data mining; malware; Accuracy; Association rules; Databases; Grippers; Malware; Servers; Apriori; Botnets; Coordinated Attacks; Malware; PrefixSpan;
fLanguage
English
Publisher
ieee
Conference_Titel
Network-Based Information Systems (NBiS), 2011 14th International Conference on
Conference_Location
Tirana
ISSN
2157-0418
Print_ISBN
978-1-4577-0789-6
Electronic_ISBN
2157-0418
Type
conf
DOI
10.1109/NBiS.2011.23
Filename
6041909