Research Repository

Performance evaluation of DCA and SRC on a single bot detection

Al-Hammadi, Yousof; Aickelin, Uwe; Greensmith, Julie

Authors

Yousof Al-Hammadi yxa@cs.nott.ac.uk

Uwe Aickelin uwe.aickelin@nottingham.ac.uk



Abstract

Malicious users try to compromise systems using new techniques. One of the recent techniques used by the attacker is to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These compromised machines are said to be infected with malicious software termed a “bot”. In this paper, we investigate the correlation of behavioural attributes such as keylogging and packet flooding behaviour to detect the existence of a single bot on a compromised machine by applying (1) Spearman’s rank correlation (SRC) algorithm and (2) the Dendritic Cell Algorithm (DCA). We also compare the output results generated from these two methods to the detection of a single bot. The results show that the DCA has a better performance in detecting malicious activities.

Citation

Al-Hammadi, Y., Aickelin, U., & Greensmith, J. (2010). Performance evaluation of DCA and SRC on a single bot detection

Journal Article Type: Article
Publication Date: Jan 1, 2010
Deposit Date: Aug 10, 2011
Publicly Available Date: Aug 10, 2011
Journal: Journal of Information Assurance and Security
Electronic ISSN: 1554-1010
Peer Reviewed: Peer Reviewed
Volume: 5
Issue: 1
Public URL: http://eprints.nottingham.ac.uk/id/eprint/1284
Publisher URL: http://www.mirlabs.org/jias/index.html
Copyright Statement: Copyright information regarding this work can be found at the following address: http://eprints.nottingham.ac.uk/end_user_agreement.pdf

Files


al-hammadi2010b.pdf (238 Kb)




