Unsupervised detection of botnet activities using frequent pattern tree mining

A botnet is a network of remotely-controlled infected computers that can send spam, spread viruses, or stage denial-of-serviceattacks, without the consent of the computer owners. Since the beginning of the 21st century, botnet activities have steadilyincreased, becoming one of the major concerns for Internet security. In fact, botnet activities are becoming more and moredifficult to be detected, because they make use of Peer-to-Peer protocols (eMule, Torrent, Frostwire, Vuze, Skype and manyothers). To improve the detectability of botnet activities, this paper introduces the idea of association analysis in the field ofdata mining, and proposes a system to detect botnets based on the FP-growth (Frequent Pattern Tree) frequent item miningalgorithm. The detection system is composed of three parts: packet collection processing, rule mining, and statistical analysisof rules. Its characteristic feature is the rule-based classification of different botnet behaviors in a fast and unsupervisedfashion. The effectiveness of the approach is validated in a scenario with 11 Peer-to-Peer host PCs, 42063 Non-Peer-to-Peerhost PCs, and 17 host PCs with three different botnet activities (Storm, Waledac and Zeus). The recognition accuracy of theproposed architecture is shown to be above 94%. The proposed method is shown to improve the results reported in literature

Dynamic Behavior Investigation of a Novel Epidemic Model Based on COVID-19 Risk Area Categorization

This study establishes a compartment model for the categorized COVID-19 risk area. In this model, the compartments represent administrative regions at different transmission risk levels instead of individuals in traditional epidemic models. The county-level regions are partitioned into High-risk (H), Medium-risk (M), and Low-risk (L) areas dynamically according to the current number of confirmed cases. These risk areas are communicable by the movement of individuals. An LMH model is established with ordinary differential equations (ODEs). The basic reproduction number R0 is derived for the transmission of risk areas to determine whether the pandemic is controlled. The stability of this LHM model is investigated by a Lyapunov function and Poincare–Bendixson theorem. We prove that the disease-free equilibrium (R0 < 1) is globally asymptotically stable and the disease will die out. The endemic equilibrium (R0 > 1) is locally and globally asymptotically stable, and the disease will become endemic. The numerical simulation and data analysis support the previous theoretical proofs. For the first time, the compartment model is applied to investigate the dynamics of the transmission of the COVID-19 risk area. This work should be of great value in the development of precision region-specific containment strategies

Dynamic Behavior Investigation of a Novel Epidemic Model Based on COVID-19 Risk Area Categorization

This study establishes a compartment model for the categorized COVID-19 risk area. In this model, the compartments represent administrative regions at different transmission risk levels instead of individuals in traditional epidemic models. The county-level regions are partitioned into High-risk (H), Medium-risk (M), and Low-risk (L) areas dynamically according to the current number of confirmed cases. These risk areas are communicable by the movement of individuals. An LMH model is established with ordinary differential equations (ODEs). The basic reproduction number R0 is derived for the transmission of risk areas to determine whether the pandemic is controlled. The stability of this LHM model is investigated by a Lyapunov function and Poincare–Bendixson theorem. We prove that the disease-free equilibrium (R0 R0 > 1) is locally and globally asymptotically stable, and the disease will become endemic. The numerical simulation and data analysis support the previous theoretical proofs. For the first time, the compartment model is applied to investigate the dynamics of the transmission of the COVID-19 risk area. This work should be of great value in the development of precision region-specific containment strategies