Title :
The improvement and research of the compromised machines detection algorithm
Author :
Zhai Guangqun ; Zhuang Yan
Author_Institution :
Dept. Sch. of Inf. Eng., Zhengzhou Univ., Zhengzhou, China
Abstract :
To detect compromised machines in a botnet, the TRW (Threshold Random Walk) algorithm was examined. The similarity of the inbound packet payloads and the time distance of the inbound-outbound packet pairs between compromised machines were then evaluated and combined into an overall similarity, also called the similarity factor, which was substituted into the modified TRW algorithm. The experimental results proved that the modified algorithm could distinctly minimize the number of time windows, and also proved the feasibility, validity and accuracy of the algorithm for detecting compromised machines in a local area network.
Keywords :
computer network security; invasive software; local area networks; random processes; TRW; botnet; compromised machine detection algorithm; inbound packets payload; inbound-outbound packets pair; local area network detection; similarity factor; threshold random walk algorithm; Detection algorithms; Equations; Local area networks; Mathematical model; Monitoring; Payloads; Time measurement; TRW algorithm; botnet; compromised machines; similarity;
Conference_Title :
Artificial Intelligence, Management Science and Electronic Commerce (AIMSEC), 2011 2nd International Conference on
Conference_Location :
Deng Leng
Print_ISBN :
978-1-4577-0535-9
DOI :
10.1109/AIMSEC.2011.6011268