ABSTRACT

We evaluate our technique on two different datasets. The first dataset is generated by running SDBot, and the second one is generated by running RBot. Benign traffic collected from uninfected machines is mixed with the bot traffic in each dataset to simulate a mixture of benign and bot traffic. From each dataset, we aggregate network packets to flows (i.e., connections). Each of these flows is considered an event or an instance. Each instance is then tagged as either bot flow or normal flow depending on whether the flow is between a bot and its C&C center or not.
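
The aggregation and tagging step described above, as an added sketch that is not the paper's code. It assumes a flow is identified by its bidirectional 5-tuple, which the abstract does not specify; the packet records, the bot and C&C addresses, and all function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample packets: (timestamp, src_ip, src_port, dst_ip, dst_port, proto, bytes)
PACKETS = [
    (0.00, "10.0.0.5", 1045, "203.0.113.9", 6667, "tcp", 60),
    (0.05, "203.0.113.9", 6667, "10.0.0.5", 1045, "tcp", 120),
    (0.20, "10.0.0.7", 3301, "198.51.100.4", 80, "tcp", 400),
    (0.31, "198.51.100.4", 80, "10.0.0.7", 3301, "tcp", 1400),
    (0.40, "10.0.0.5", 1046, "198.51.100.4", 80, "tcp", 300),
    (0.90, "10.0.0.5", 1045, "203.0.113.9", 6667, "tcp", 80),
]
BOT_HOSTS = {"10.0.0.5"}     # assumed infected machine (constructed address)
CC_HOSTS = {"203.0.113.9"}   # assumed C&C center (constructed address)


def flow_key(src, sport, dst, dport, proto):
    """Direction-independent key so both halves of a connection merge."""
    a, b = sorted([(src, sport), (dst, dport)])
    return (a, b, proto)


def aggregate(packets):
    """Group packets into flows and keep simple per-flow counters."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for _ts, src, sport, dst, dport, proto, size in packets:
        f = flows[flow_key(src, sport, dst, dport, proto)]
        f["packets"] += 1
        f["bytes"] += size
    return dict(flows)


def label(key, bots=BOT_HOSTS, ccs=CC_HOSTS):
    """'bot' only when one endpoint is a bot and the other is its C&C center."""
    (ip_a, _), (ip_b, _), _ = key
    if (ip_a in bots and ip_b in ccs) or (ip_b in bots and ip_a in ccs):
        return "bot"
    return "normal"


def build_instances(packets):
    """Return one labelled instance per flow."""
    return [dict(stats, key=key, label=label(key)) for key, stats in aggregate(packets).items()]


if __name__ == "__main__":
    for inst in build_instances(PACKETS):
        print(inst["label"], inst["packets"], inst["bytes"], inst["key"])
```

Note that the infected host's connection to the web server is tagged normal: the label follows the flow's two endpoints, not the host that originated it.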