Research Article
Hybrid Botnet Detection Based on Host and Network Analysis
Table 8
Example of behavior vector of malicious process accumulation.
| Time window | Behavior feature | Feature score | Accumulated feature score |
| win0 | EXE file creation | 1 | 1 | win1 | AutoRun creation | 1 | 2 | win2 | DLL file creation | 0 | 2 |
|
|