A method for botnet detection from traffic data of the Internet by the Non-negative Matrix Factorization (NMF) was proposed by (Yamauchi et al. 2012). This method assumes that traffic data is composed by several types of communications, and estimates the number of types in the data by the minimum description length (MDL) criterion. However, consideration on the MDL criterion was not sufficient and validity has not been guaranteed. In this paper, we refine the MDL criterion for NMF and report results of experiments for the new MDL criterion on synthetic and real data.
展开▼
机译:(Yamauchi et al。2012)提出了一种通过非负矩阵分解(NMF)从Internet的流量数据中进行僵尸网络检测的方法。此方法假定交通数据由几种类型的通信组成,并根据最小描述长度(MDL)准则估算数据中的类型数。但是,对MDL标准的考虑还不够,不能保证有效性。在本文中,我们完善了NMF的MDL准则,并报告了针对合成和真实数据的新MDL准则的实验结果。
展开▼