Conference: International Conference on New Trends in Computing Sciences

Visualizing Clustered Botnet Traffic using t-SNE on Aggregated NetFlows


Abstract

Dimensionality reduction techniques can be used to visualize high-dimensional data. In this paper, the use of such techniques has been studied to reduce the dimensionality of botnet data so that it can be visualized. The visualization process helps distinguish botnet traffic from normal traffic using NetFlows only, in order to define a way to aggregate flows and extract features from known datasets. The flow aggregation key used in this paper is composed of four parts: the transport layer protocol type, the source address, the destination address, and the destination port. The source port is not part of the aggregation key, so that features can be derived from it. t-Distributed Stochastic Neighbor Embedding (t-SNE) is used to transform the dataset into distinct clusters of behaviors: normal behaviors, botnet behaviors, and common behaviors. The proposed method would allow researchers to know where to start when they are handed thousands or millions of NetFlows.
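The aggregation step described in the abstract, as an added example that is not the paper's code: flows are grouped by (protocol, source address, destination address, destination port), and the source port is kept out of the key so that per-group features can be computed from it. The record layout, the chosen features and the sample flows are assumptions constructed for illustration; the resulting matrix is the kind of input a t-SNE implementation would take.

```python
from collections import defaultdict

# Constructed sample flows (not from the paper's datasets):
# (proto, src_ip, src_port, dst_ip, dst_port, packets, bytes)
SAMPLE_FLOWS = [
    ("tcp", "10.0.0.5", 49152, "203.0.113.10", 443, 12, 4200),
    ("tcp", "10.0.0.5", 49153, "203.0.113.10", 443, 10, 3900),
    ("tcp", "10.0.0.5", 49154, "203.0.113.10", 443, 11, 4100),
    ("udp", "10.0.0.7", 53124, "198.51.100.53", 53, 1, 76),
    ("udp", "10.0.0.7", 53124, "198.51.100.53", 53, 1, 80),
    ("tcp", "10.0.0.9", 40000, "203.0.113.10", 443, 30, 15000),
]

# Feature names are assumptions; the abstract does not list the paper's features.
FEATURE_COLUMNS = ["flow_count", "distinct_src_ports", "src_port_range",
                   "total_packets", "total_bytes", "mean_bytes_per_flow"]


def aggregate_flows(flows):
    """Group flows by the four-part key and derive features per group."""
    groups = defaultdict(list)
    for proto, src, sport, dst, dport, pkts, nbytes in flows:
        # Source port is deliberately excluded from the key.
        groups[(proto, src, dst, dport)].append((sport, pkts, nbytes))

    features = {}
    for key, rows in groups.items():
        sports = [r[0] for r in rows]
        total_bytes = sum(r[2] for r in rows)
        features[key] = {
            "flow_count": len(rows),
            # Source-port behaviour becomes a feature instead of a key part.
            "distinct_src_ports": len(set(sports)),
            "src_port_range": max(sports) - min(sports),
            "total_packets": sum(r[1] for r in rows),
            "total_bytes": total_bytes,
            "mean_bytes_per_flow": total_bytes / len(rows),
        }
    return features


def to_matrix(features):
    """Return (keys, rows): one numeric row per aggregation key, sorted by key."""
    keys = sorted(features)
    return keys, [[features[k][c] for c in FEATURE_COLUMNS] for k in keys]


if __name__ == "__main__":
    for key, row in zip(*to_matrix(aggregate_flows(SAMPLE_FLOWS))):
        print(key, row)
```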