Performance Evaluation of DCA and SRC on a Single Bot Detection
Yousof Al-Hammadi, Uwe Aickelin, Julie Greensmith

TL;DR
This paper compares the effectiveness of the Dendritic Cell Algorithm (DCA) and Spearman's rank correlation (SRC) in detecting a single malicious bot on compromised machines by analyzing behavioral attributes.
Contribution
It introduces a comparative analysis of DCA and SRC algorithms for bot detection based on behavioral attribute correlation.
Findings
DCA outperforms SRC in detecting malicious activities.
Behavioral attribute correlation aids in identifying bots.
DCA shows higher accuracy in detection results.
Abstract
Malicious users try to compromise systems using new techniques. One of the recent techniques used by the attacker is to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These compromised machines are said to be infected with malicious software termed a "bot". In this paper, we investigate the correlation of behavioural attributes such as keylogging and packet flooding behaviour to detect the existence of a single bot on a compromised machine by applying (1) Spearman's rank correlation (SRC) algorithm and (2) the Dendritic Cell Algorithm (DCA). We also compare the output results generated from these two methods to the detection of a single bot. The results show that the DCA has a better performance in detecting malicious activities.
Taxonomy
Topics: Network Security and Intrusion Detection · Artificial Immune Systems Applications · Advanced Malware Detection Techniques
