36 research outputs found

    A P2P Botnet detection scheme based on decision tree and adaptive multilayer neural networks

    In recent years, Botnets have been adopted as a popular method to carry and spread many malicious codes on the Internet. These malicious codes pave the way to execute many fraudulent activities including spam mail, distributed denial-of-service attacks and click fraud. While many Botnets are set up using centralized communication architecture, the peer-to-peer (P2P) Botnets can adopt a decentralized architecture using an overlay network for exchanging command and control data, making their detection even more difficult. This work presents a method of P2P Bot detection based on an adaptive multilayer feed-forward neural network in cooperation with decision trees. A classification and regression tree is applied as a feature selection technique to select relevant features. With these features, a multilayer feed-forward neural network training model is created using a resilient back-propagation learning algorithm. A comparison of feature set selection based on the decision tree, principal component analysis and the ReliefF algorithm indicated that the neural network model with feature selection based on decision tree has a better identification accuracy along with lower rates of false positives. The usefulness of the proposed approach is demonstrated by conducting experiments on real network traffic datasets. In these experiments, an average detection rate of 99.08% with false positive rate of 0.75% was observed.

    Improved access to large medical databases for clinical research and quality improvement

    Thesis (S.M.)--Massachusetts Institute of Technology, Whitaker College of Health Sciences and Technology, 1999. Includes bibliographical references (leaves 39-40). Computerized medical databases are now commonplace in healthcare environments. Information is routinely stored for each clinical encounter, be it an inpatient, outpatient, telephone, or even computer-based interaction. In the past, the vast majority of this data concerned the demographic and financial details of the encounter; however, more and more clinically relevant content is now being collected. Along with this increased amount of available data have come promises of improved patient care, easier clinical research studies, and enhanced efficiency and quality of healthcare institutions. In part, these promises have been kept; there are examples in the literature and in real-world medical environments in which care has improved through the use of data stores. The ease by which this information is accessed, displayed, and interpreted remains a significant problem, however. In addition, current data retrieval methods do not foster user "exploration" of the data, and thus limit its potential. The specific aim of this thesis has been the development of a new computer application ("Goldminer"), which provides for enhanced data retrieval, interpretation, and analysis by authorized personnel at large medical institutions. This application also provides for patient data privacy; unique patient identifiers are not disclosed in information requests, and routine logs of Goldminer's usage are kept for analysis by hospital administrative staff. The methods used in this work included the integration and mapping of disparate data sources to one central database, followed by the implementation of a group of simple "atomic" queries, which insulate users from the underlying database complexity. These queries include both population-based and temporal predicates, and are combinable to allow for arbitrarily complex data retrieval. All data have personal identifiers removed before presentation to the user. Goldminer will be deployed within the hospital Intranet as a web-based "point and click" tool, allowing for efficient data analysis and exploration by non-programming healthcare personnel. by Daniel J. Nigrin. S.M.