Security and Communication Networks

Research Article

A Hybrid Association Rule-Based Method to Detect and Classify Botnets

Table 4

Selection of global correlation features.
CategoryDescription
TTL valueA recorded survival time
NS recorded survival time
The diversity of ASNDiversity of ASN (autonomous domain number) of IP address in a record
Diversity of ASN (autonomous domain number) of IP addresses in NS records
Number of IP addressesNumber of IP addresses in the a record
Number of name server IP addresses in NS records