@inproceedings{a0fe386f91704d78a0ee549a38caf27b,
title = "An immunological model for detecting bot activities",
abstract = "We develop a hierarchical immunological model to detect bot activities in a computer network. In the proposed model antibody (detector)-antigen (foreign object) reactions are defined using negative selection based approach and negative systems-properties are defined by various temporal as well as non-temporal systems features. Theory of sequential hypothesis testing has been used in the literature for identifying spatial-temporal correlations among malicious remote hosts and among the bots within a botnet. We use it for combining multiple immunocomputing based decisions too. Negative selection based approach defines a self and helps identifying non-selves. We define non-selves with respect to various systems characteristics and then use different combinations of non-selves to design bot detectors. Each detector operates at the client sites of the network under surveillance. A match with any of the detectors suggests presence of a bot. Preliminary results suggest that the proposed model based solutions c n improve the identification of bot activities.",
keywords = "Botnet, Immunocomputing, Negative selection algorithm, Spatial-temporal correlation",
author = "Karim, {Md E.} and Phoha, {Vir V.} and Sultan, {Md A.}",
year = "2009",
doi = "10.1117/12.819073",
language = "English (US)",
isbn = "9780819476180",
series = "Proceedings of SPIE - The International Society for Optical Engineering",
number = "1",
booktitle = "Intelligent Sensing, Situation Management, Impact Assessment, and Cyber-Sensing",
edition = "1",
note = "Intelligent Sensing, Situation Management, Impact Assessment, and Cyber-Sensing ; Conference date: 15-04-2009 Through 17-04-2009",
}