Proposal and Evaluation of Methods Using the Quantification Theory and Machine Learning for Detecting C&C Server Used in a Botnet

In recent years, the damage caused by botnets has increased and become a serious problem. To address it, we previously proposed a method for detecting malicious C&C servers using Hayashi's quantification theory class II. This method can detect malicious C&C servers even when they are not included in a blacklist. However, the detection rate of this method was expected to decrease over time. We have therefore continued to measure the detection rate and to tune the detection method for different time periods. This paper reports the results of the investigation for 2014. In addition, we newly introduce a method based on a support vector machine (SVM) for comparison with quantification theory class II. We found that the detection rates obtained with quantification theory class II and with the SVM are both very good, with very little difference in accuracy between them.