|
| Evaluation group | Attribute value | Index | Description | Score |
|
| Service | Accuracy | Low | Detection accuracy of botnet is below 70% | 0.7 |
| Middle | Detection accuracy is between 70% and 80% | 0.8 |
| High | Detection accuracy is above 90% | 0.9 |
| Very high | Detection accuracy is above 95% | 0.95 |
| Scenes | General | General botnet detection | 0.9 |
| Special | Special botnet detection | 0.8 |
| Stage | Early | Refers to detection during the botnet propagation or addressing phase | 0.7 |
| Interaction | Refers to testing at the interactive stage | 0.5 |
|
| Intelligent | Automation | Low | Professionals are required to manually extract features | 0.5 |
| Middle | Partial feature automatic extraction | 0.7 |
| High | Fully automated feature extraction | 0.9 |
| Adaptation | Low | Cannot detect unknown botnets | 0.6 |
| High | Can detect unknown botnets | 0.9 |
| Real time | No | Failed to perform real-time detection | 0.6 |
| ā | Yes | Real-time detection possible | 0.9 |
|
| Collaboration | Architecture | Centralized | Centralized inspection system architecture | 0.6 |
| Distributed | Distributed detection system architecture, better flexibility | 0.9 |
| Content | Single | Detect single data such as host, log, or traffic information | 0.7 |
| Multiple | Detect multiple data such as host logs, network traffic, and codes | 0.9 |
| Integration | No | Adopt a single approach | 0.7 |
| Yes | Adopt a variety of approaches | 0.9 |
|
| Assistant | Latency | No | Cannot detect deep latent BOT | 0.6 |
| Yes | Can detect deep latent BOT | 0.8 |
| Cost | Low | Normal power consumption | 0.9 |
| Middle | Hardware requirements such as GPU | 0.7 |
| High | More detectors are deployed, requiring more hardware and bandwidth resources | 0.5 |
| Visualization | No | No visual display | 0.5 |
| Yes | Visualize data information or botnet detection through visualization methods | 0.6 |
|
