Hybrid Botnet Detection Based on Host and Network Analysis

<table class="table-group" id="tab8"><tr><td><table class="table"><tr><td class="thead-hr" colspan="4"><hr/></td></tr><tr class="thead"><td class="align_left">Time window</td><td class="align_center">Behavior feature</td><td class="align_center">Feature score</td><td class="align_center">Accumulated feature score</td></tr><tr><td class="thead-hr" colspan="4"><hr/></td></tr><tr><td class="align_left">win0</td><td class="align_center">EXE file creation</td><td class="align_center">1</td><td class="align_center">1</td></tr><tr><td class="align_left">win1</td><td class="align_center">AutoRun creation</td><td class="align_center">1</td><td class="align_center">2</td></tr><tr><td class="align_left">win2</td><td class="align_center">DLL file creation</td><td class="align_center">0</td><td class="align_center">2</td></tr><tr class="table-tr"><td colspan="4"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Example of behavior vector of malicious process accumulation.</div>

Journal of Computer Networks and Communications

tab8

Table 8

Table 8: Hybrid Botnet Detection Based on Host and Network Analysis 