Performance evaluation of DCA and SRC on a single bot detection
Malicious users try to compromise systems using new techniques. One of the recent techniques used by the attacker is to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These compromised machines are said to be infected with mal...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Published: |
2010
|
| Online Access: | https://eprints.nottingham.ac.uk/1284/ |
| _version_ | 1848790576883826688 |
|---|---|
| author | Al-Hammadi, Yousof Aickelin, Uwe Greensmith, Julie |
| author_facet | Al-Hammadi, Yousof Aickelin, Uwe Greensmith, Julie |
| author_sort | Al-Hammadi, Yousof |
| building | Nottingham Research Data Repository |
| collection | Online Access |
| description | Malicious users try to compromise systems using new techniques. One of the recent techniques used by the attacker is to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These compromised machines are said to be infected with malicious software termed a “bot”. In this paper, we investigate the correlation of behavioural attributes such as keylogging and packet flooding behaviour to detect the existence of a single bot on a compromised machine by applying (1) Spearman’s rank correlation
(SRC) algorithm and (2) the Dendritic Cell Algorithm (DCA). We also compare the output results generated from these two methods to the detection of a single bot. The results show that the DCA has a better performance in detecting malicious activities. |
| first_indexed | 2025-11-14T18:14:49Z |
| format | Article |
| id | nottingham-1284 |
| institution | University of Nottingham Malaysia Campus |
| institution_category | Local University |
| last_indexed | 2025-11-14T18:14:49Z |
| publishDate | 2010 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | nottingham-12842020-05-04T20:25:13Z https://eprints.nottingham.ac.uk/1284/ Performance evaluation of DCA and SRC on a single bot detection Al-Hammadi, Yousof Aickelin, Uwe Greensmith, Julie Malicious users try to compromise systems using new techniques. One of the recent techniques used by the attacker is to perform complex distributed attacks such as denial of service and to obtain sensitive data such as password information. These compromised machines are said to be infected with malicious software termed a “bot”. In this paper, we investigate the correlation of behavioural attributes such as keylogging and packet flooding behaviour to detect the existence of a single bot on a compromised machine by applying (1) Spearman’s rank correlation (SRC) algorithm and (2) the Dendritic Cell Algorithm (DCA). We also compare the output results generated from these two methods to the detection of a single bot. The results show that the DCA has a better performance in detecting malicious activities. 2010 Article PeerReviewed Al-Hammadi, Yousof, Aickelin, Uwe and Greensmith, Julie (2010) Performance evaluation of DCA and SRC on a single bot detection. Journal of Information Assurance and Security, 5 (1). pp. 265-275. ISSN 1554-1010 http://www.mirlabs.org/jias/index.html |
| spellingShingle | Al-Hammadi, Yousof Aickelin, Uwe Greensmith, Julie Performance evaluation of DCA and SRC on a single bot detection |
| title | Performance evaluation of DCA and SRC on a single bot detection |
| title_full | Performance evaluation of DCA and SRC on a single bot detection |
| title_fullStr | Performance evaluation of DCA and SRC on a single bot detection |
| title_full_unstemmed | Performance evaluation of DCA and SRC on a single bot detection |
| title_short | Performance evaluation of DCA and SRC on a single bot detection |
| title_sort | performance evaluation of dca and src on a single bot detection |
| url | https://eprints.nottingham.ac.uk/1284/ https://eprints.nottingham.ac.uk/1284/ |