Research Article
Hybrid Botnet Detection Based on Host and Network Analysis
Table 3
List of selected artifacts for network monitor.
| Number | Artifact |
| 1 | Port source and destination | 2 | IP source and destination | 3 | Protocol (UDP or TCP) | 4 | HTTP method (POST or GET) | 5 | Total number of connections | 6 | Number of failed connections | 7 | First packet length | 8 | Packet size | 9 | Total number of packets | 10 | Number of input small packets | 11 | Number of output small packets |
|
|