Detecting a botnet in a network

  title={Detecting a botnet in a network},
  author={Gianmarco Bet and Kay Bogerd and Rui M. Castro and Remco van der Hofstad},
  journal={Mathematical Statistics and Learning},
  • G. BetK. Bogerd R. Hofstad
  • Published 21 May 2020
  • Computer Science, Mathematics
  • Mathematical Statistics and Learning
We formalize the problem of detecting the presence of a botnet in a network as an hypothesis testing problem where we observe a single instance of a graph. The null hypothesis, corresponding to the absence of a botnet, is modeled as a random geometric graph where every vertex is assigned a location on a $d$-dimensional torus and two vertices are connected when their distance is smaller than a certain threshold. The alternative hypothesis is similar, except that there is a small number of… 

Figures from this paper



Community Detection in Sparse Random Networks

The problem of detecting a tight community in a sparse random network is considered, formalized as testing for the existence of a dense random subgraph in a random graph, and information theoretic lower bounds are derived.

Community detection in inhomogeneous random graphs.

An information theoretic lower bound is derived for this problem which shows that in some regimes the scan test is almost asymptotically optimal, and presents a scan test that is able to detect the presence of such a planted community.

Testing for high‐dimensional geometry in random graphs

The proof of the detection lower bound is based on a new bound on the total variation distance between a Wishart matrix and an appropriately normalized GOE matrix and a conjecture for the optimal detection boundary is made.

The bin-covering technique for thresholding random geometric graph properties

The main contribution is a simple analysis technique called bin-covering that is applied uniformly to get first known, (asymptotically) tight thresholds for each of these properties of G(n, r, ℓ) of interest: connectivity, coverage, and routing-stretch.

NetSpot: Spotting Significant Anomalous Regions on Dynamic Networks

The design of novel algorithms: an expensive, exhaustive algorithm, as well as an efficient approximation, called NetSpot, which solves large problem instances that are otherwise infeasible and is up to one order of magnitude faster in real data, while achieving less than 4% average relative error rate.

Survey on network-based botnet detection methods

This survey analyzes and compares the most important efforts carried out in a network-based detection area and concludes that the area has achieved great advances so far, but there are still many open problems.

Diameter and Broadcast Time of Random Geometric Graphs in Arbitrary Dimensions

It is proved that w.h.p. this algorithm informs every node in the largest connected component of an RGG within Θ(n1/d/r+logn) rounds, and the condition on the Euclidean distance above is essentially tight.

Spatial Networks

  • M. Barthelemy
  • Computer Science
    Encyclopedia of Social Network Analysis and Mining
  • 2014

Scale-free percolation

Abstract We formulate and study a model for inhomogeneous long-range percolation on Zd. Each vertex x?Zd is assigned a non-negative weight Wx, where (Wx)x?Zd are i.i.d. random variables.

Geometric Inhomogeneous Random Graphs