Hybrid Botnet Detection Based on Host and Network Analysis

<table class="table-group" id="tab7"><tr><td><table class="table"><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr class="thead"><td class="align_left">Feature number</td><td class="align_center">Behavior features</td></tr><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr><td class="align_left">1</td><td class="align_center">Creation of DLL or EXE in system directory</td></tr><tr><td class="align_left">2</td><td class="align_center">Creation of and set the value of AutoRun key in registry</td></tr><tr><td class="align_left">3</td><td class="align_center">Critical registry key modification</td></tr><tr><td class="align_left">4</td><td class="align_center">Active time of the bot process</td></tr><tr class="table-tr"><td colspan="2"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>List of selected artifacts for host monitor.</div>

Journal of Computer Networks and Communications

tab7

Table 7

Table 7: Hybrid Botnet Detection Based on Host and Network Analysis 