For the fast-flux network, the equivalent distribution of nodes in each time region was measured by the combination of spatial distribution estimation and spatial service relationship evaluation
For Internet of Things botnet DGA, a rapid classification of NXDOMAIN (a large set of random nonexistent domain names) query stream was created by using a threshold random walk (TRW) to create an opportunity to break a C&C connection
Threshold random walk
Collected data itself
(i) Not relying on expert knowledge
(i) Statistics cannot be applied to heterogeneous data, only to quantitative data
According to the periodic communication behavior of botnet, based on sequential hypothesis periodic communication detection, a fast quantum search algorithm Grover quantum state was introduced to better realize parallel processing
Grover
Mixed 10 datasets
(i) Random periodic behavior can be detected
(i) Difficult to resist traffic-based adversarial learning
