Performance Evaluation of DCA and SRC on a Single Bot Detection

Executive Summary

Malicious users try to compromise systems using new techniques. One of the recent techniques used by attackers is to perform complex distributed attacks, such as denial of service, and to obtain sensitive data such as password information. The machines compromised in this way are said to be infected with malicious software termed a "Bot". In this paper, the authors investigate the correlation of behavioural attributes, such as key-logging and packet-flooding behaviour, to detect the existence of a single bot on a compromised machine by applying the Spearman's Rank Correlation (SRC) algorithm and the Dendritic Cell Algorithm (DCA). They also compare the results produced by these two methods for the detection of a single bot.

