
Conformal Clustering and Its Application to Botnet Traffic

  • Giovanni Cherubin
  • Ilia Nouretdinov
  • Alexander Gammerman
  • Roberto Jordaney
  • Zhi Wang
  • Davide Papini
  • Lorenzo Cavallaro
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9047)

Abstract

The paper describes an application of a novel clustering technique based on Conformal Predictors. Unlike traditional clustering methods, this technique allows the number of objects left outside any cluster to be controlled by setting a required confidence level. The paper considers a multi-class unsupervised learning problem, and the developed technique is applied to bot-generated network traffic. An extended set of features describing the bot traffic is presented and the results are discussed.

Keywords

Information security; Botnet; Confident prediction; Conformal prediction; Clustering

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Giovanni Cherubin (1, 2)
  • Ilia Nouretdinov (1)
  • Alexander Gammerman (1)
  • Roberto Jordaney (2)
  • Zhi Wang (2)
  • Davide Papini (2)
  • Lorenzo Cavallaro (2)

  1. Computer Learning Research Centre and Computer Science Department, Royal Holloway University of London, Surrey, UK
  2. Systems Security Research Lab and Information Security Group, Royal Holloway University of London, Surrey, UK
