Abstract

Botnet malware activity needs to be detected accurately. Several botnet detection models using a mining-based method have been introduced. Distribution analysis is often used to obtain the characteristics of the data before it is modeled in a mining-based detection model. However, the distribution approach is not fully optimal for describing the timing of botnet attacks. Analysis of botnet attack timing is needed to determine the right model for detecting botnet activity. This paper proposes a new overview technique for botnet datasets using a statistical approach based on time gap analysis for each bot. The goal is to obtain a threshold value that can optimally separate botnet activity traffic from normal traffic. The experiment yields three different time gap threshold values for separating botnet, normal, and background activity, ideally based on the highest time of 4,756 s, the lowest time of 28.69 s, and the average maximum time gap of 810.61 s.
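The per-bot time gap analysis described above, as an added example that is not code from the paper. It assumes the three thresholds are the highest, lowest and mean of each bot's maximum gap between consecutive flows, which the abstract suggests but does not spell out; the flow records, addresses and function names are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample flows: (start_time_seconds, source_ip, label).
FLOWS = [
    (0.0, "10.0.0.5", "botnet"), (30.0, "10.0.0.5", "botnet"),
    (90.0, "10.0.0.5", "botnet"),
    (10.0, "10.0.0.7", "botnet"), (25.0, "10.0.0.7", "botnet"),
    (525.0, "10.0.0.7", "botnet"),
    (5.0, "10.0.0.9", "botnet"), (2005.0, "10.0.0.9", "botnet"),
    (0.0, "10.0.0.20", "normal"), (4000.0, "10.0.0.20", "normal"),
]

def per_host_gaps(flows):
    """Map each source to the gaps between its consecutive flows."""
    times = defaultdict(list)
    for ts, src, _label in flows:
        times[src].append(ts)
    gaps = {}
    for src, ts_list in times.items():
        ts_list.sort()  # flow records are not guaranteed to be ordered
        if len(ts_list) >= 2:  # a host with one flow has no gap
            gaps[src] = [b - a for a, b in zip(ts_list, ts_list[1:])]
    return gaps

def gap_thresholds(flows):
    """Candidate thresholds from the maximum gap of each labelled bot
    (assumed reading of the abstract, see lead-in)."""
    bots = [f for f in flows if f[2] == "botnet"]
    max_gaps = [max(g) for g in per_host_gaps(bots).values()]
    if not max_gaps:
        raise ValueError("no bot with at least two flows")
    return {
        "highest": max(max_gaps),
        "lowest": min(max_gaps),
        "average_max": mean(max_gaps),
    }

def hosts_within(flows, threshold):
    """Sources whose largest gap is <= threshold (bot-like timing)."""
    return sorted(
        src for src, g in per_host_gaps(flows).items() if max(g) <= threshold
    )

if __name__ == "__main__":
    for name, value in gap_thresholds(FLOWS).items():
        print(f"{name:12s} {value:8.2f} s -> {hosts_within(FLOWS, value)}")
```

On the sample data the lowest threshold flags only the chattiest bot, while the highest flags every bot and still excludes the slower normal host, which is the trade-off a defender weighs when picking one of the three values.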
