Detecting a botnet in a network

  title={Detecting a botnet in a network},
  author={Gianmarco Bet and Kay Bogerd and Rui M. Castro and Remco van der Hofstad},
  journal={Mathematical Statistics and Learning},
We formalize the problem of detecting the presence of a botnet in a network as an hypothesis testing problem where we observe a single instance of a graph. The null hypothesis, corresponding to the absence of a botnet, is modeled as a random geometric graph where every vertex is assigned a location on a $d$-dimensional torus and two vertices are connected when their distance is smaller than a certain threshold. The alternative hypothesis is similar, except that there is a small number of… 

Figures from this paper


Community Detection in Sparse Random Networks
We consider the problem of detecting a tight community in a sparse random network. This is formalized as testing for the existence of a dense random subgraph in a random graph. Under the null
Community detection in inhomogeneous random graphs.
We study the problem of detecting whether an inhomogeneous random graph contains a planted community. Specifically, we observe a single realization of a graph. Under the null hypothesis, this graph
Testing for high-dimensional geometry in random graphs
The proof of the detection lower bound is based on a new bound on the total variation distance between a Wishart matrix and an appropriately normalized GOE matrix and in the sparse regime, a conjecture for the optimal detection boundary is made.
The bin-covering technique for thresholding random geometric graph properties
The main contribution is a simple analysis technique called bin-covering that is applied uniformly to get first known, (asymptotically) tight thresholds for each of these properties of G(n, r, ℓ) of interest: connectivity, coverage, and routing-stretch.
NetSpot: Spotting Significant Anomalous Regions on Dynamic Networks
The design of novel algorithms: an expensive, exhaustive algorithm, as well as an efficient approximation, called NetSpot, which solves large problem instances that are otherwise infeasible and is up to one order of magnitude faster in real data, while achieving less than 4% average relative error rate.
Survey on network-based botnet detection methods
This survey analyzes and compares the most important efforts carried out in a network-based detection area and concludes that the area has achieved great advances so far, but there are still many open problems.
Diameter and Broadcast Time of Random Geometric Graphs in Arbitrary Dimensions
It is proved that w.h.p. is the diameter of the largest connected component of an RGG within Θ(n1/d/r+logn) rounds, and that for any two connected nodes with a minimum Euclidean distance of ω(logn), their graph distance is only a constant factor larger than their Euclidan distance.
Spatial Networks
This work will expose thoroughly the current state of the understanding of how the spatial constraints affect the structure and properties of these networks, and review the most recent empirical observations and the most important models of spatial networks.
Scale-free percolation
Abstract We formulate and study a model for inhomogeneous long-range percolation on Zd. Each vertex x?Zd is assigned a non-negative weight Wx, where (Wx)x?Zd are i.i.d. random variables.
Geometric Inhomogeneous Random Graphs
A sampling algorithm that generates a random graph from a hyperbolic random graphs model in expected linear time is provided, and it is established that GIRGs have a constant clustering coefficient and are able to compress using an expected linear number of bits.