# Detecting a botnet in a network

@article{Bet2021DetectingAB, title={Detecting a botnet in a network}, author={Gianmarco Bet and Kay Bogerd and Rui M. Castro and Remco van der Hofstad}, journal={Mathematical Statistics and Learning}, year={2021} }

We formalize the problem of detecting the presence of a botnet in a network as an hypothesis testing problem where we observe a single instance of a graph. The null hypothesis, corresponding to the absence of a botnet, is modeled as a random geometric graph where every vertex is assigned a location on a $d$-dimensional torus and two vertices are connected when their distance is smaller than a certain threshold. The alternative hypothesis is similar, except that there is a small number of…

## References

SHOWING 1-10 OF 38 REFERENCES

### Community Detection in Sparse Random Networks

- Computer Science, Mathematics
- 2013

The problem of detecting a tight community in a sparse random network is considered, formalized as testing for the existence of a dense random subgraph in a random graph, and information theoretic lower bounds are derived.

### Community detection in inhomogeneous random graphs.

- Mathematics, Computer Science
- 2019

An information theoretic lower bound is derived for this problem which shows that in some regimes the scan test is almost asymptotically optimal, and presents a scan test that is able to detect the presence of such a planted community.

### Testing for high‐dimensional geometry in random graphs

- Computer Science, MathematicsRandom Struct. Algorithms
- 2016

The proof of the detection lower bound is based on a new bound on the total variation distance between a Wishart matrix and an appropriately normalized GOE matrix and a conjecture for the optimal detection boundary is made.

### The bin-covering technique for thresholding random geometric graph properties

- Computer ScienceSODA '05
- 2005

The main contribution is a simple analysis technique called bin-covering that is applied uniformly to get first known, (asymptotically) tight thresholds for each of these properties of G(n, r, ℓ) of interest: connectivity, coverage, and routing-stretch.

### NetSpot: Spotting Significant Anomalous Regions on Dynamic Networks

- Computer ScienceSDM
- 2013

The design of novel algorithms: an expensive, exhaustive algorithm, as well as an efficient approximation, called NetSpot, which solves large problem instances that are otherwise infeasible and is up to one order of magnitude faster in real data, while achieving less than 4% average relative error rate.

### Survey on network-based botnet detection methods

- Computer ScienceSecur. Commun. Networks
- 2014

This survey analyzes and compares the most important efforts carried out in a network-based detection area and concludes that the area has achieved great advances so far, but there are still many open problems.

### Diameter and Broadcast Time of Random Geometric Graphs in Arbitrary Dimensions

- Mathematics, Computer ScienceAlgorithmica
- 2012

It is proved that w.h.p. this algorithm informs every node in the largest connected component of an RGG within Θ(n1/d/r+logn) rounds, and the condition on the Euclidean distance above is essentially tight.

### Scale-free percolation

- Mathematics
- 2011

Abstract We formulate and study a model for inhomogeneous long-range percolation on Zd. Each vertex x?Zd is assigned a non-negative weight Wx, where (Wx)x?Zd are i.i.d. random variables.…