On botnet behaviour analysis using GP and C4.5

Created by W.Langdon from gp-bibliography.bib Revision:1.3973

@InProceedings{Haddadi:2014:GECCOcomp,
  author =       "Fariba Haddadi and Dylan Runkel and 
                 A. Nur Zincir-Heywood and Malcolm I. Heywood",
  title =        "On botnet behaviour analysis using GP and C4.5",
  booktitle =    "GECCO 2014 Workshop on genetic and evolutionary
                 computation in defense, security and risk management
                 (SecDef)",
  year =         "2014",
  editor =       "Anna I Esparcia-Alcazar and Frank W. Moore",
  isbn13 =       "978-1-4503-2881-4",
  keywords =     "genetic algorithms, genetic programming",
  pages =        "1253--1260",
  month =        "12-16 " # jul,
  organisation = "SIGEVO",
  address =      "Vancouver, BC, Canada",
  URL =          "http://doi.acm.org/10.1145/2598394.2605435",
  DOI =          "doi:10.1145/2598394.2605435",
  publisher =    "ACM",
  publisher_address = "New York, NY, USA",
  abstract =     "Botnets represent a destructive cyber security threat
                 that aim to hide their malicious activities within
                 legitimate Internet traffic. Part of what makes botnets
                 so effective is that they often upgrade themselves over
                 time, hence reacting to improved detection mechanisms.
                 In addition, Internet common communication protocols
                 (i.e. HTTP) are used for the purposes of constructing
                 subversive communication channels. This work employs
                 machine learning algorithms (genetic programming and
                 decision trees) to detect distinct behaviours in
                 various botnets. That is to say, botnets mimic
                 legitimate HTTP traffic while actually serving botnet
                 purposes. To this end, two different feature sets are
                 employed and analysed to see how differences between
                 three botnets - Zeus, Conficker and Torpig - can be
                 distinguished. Specific recommendations are then made
                 regarding the utility of different feature sets and
                 machine learning algorithms for detecting each type of
                 botnet.",
  notes =        "Also known as \cite{2605435} Distributed at
                 GECCO-2014.",
}
