Survival Analysis on Botnet C&C Traffic by Tongyu Zhou ’20, Wednesday, November 13, Statistics Colloquium, 1:10 – 1:50 pm, Stetson Court Classroom 105
Abstract: The persistence of botnet command and control (C&C) networks, a malicious web of Internet-connected devices used to perform attacks and steal data, continues to pose a threat to online communications. One way to derive effective mitigation strategies is to study C&C lifetime, identify related risk factors, and analyze these risks using techniques from survival analysis. In this talk, I will start by presenting the basics of survival analysis and discuss how it differs from other statistical analyses. I will then introduce the Kaplan-Meier estimate of the survival function and explain how it can be applied to investigate C&C survival ratios, which can be used at the exploration stage to distinguish C&C traffic from normal traffic. I will then introduce the Cox proportional hazards model, which relates survival time to potential risk factors. In the C&C case, applying the lasso-penalized version of the model helps to identify important factors such as location, malware type, and hosting type that may contribute to variation in C&C lifetime.
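As an added illustration of the Kaplan-Meier step described in the abstract (example code written for this page, not material from the talk), the block below estimates the survival function S(t) = Π over event times t_i of (1 - d_i / n_i), where n_i is the number of C&C domains still under observation just before t_i and d_i the number taken down at t_i. The observations are constructed: each record is a C&C domain's lifetime in days from first sighting, a flag for whether a takedown was actually observed (an unobserved takedown means the domain was still active at the end of the observation window and is right-censored), and a hosting-type label used as a risk-factor grouping. The hosting labels and all numbers are assumptions made up for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Observation:
    lifetime_days: float   # days from first sighting to takedown, or to the observation cutoff
    taken_down: bool       # True: takedown observed (event); False: still active at cutoff (censored)
    hosting: str           # risk-factor label (constructed values: "commodity" / "bulletproof")


# Constructed sample: lifetimes and censoring flags invented for this example.
SAMPLE: List[Observation] = [
    Observation(3, True, "commodity"),
    Observation(5, True, "commodity"),
    Observation(5, False, "commodity"),   # still active at cutoff, censored at day 5
    Observation(8, True, "commodity"),
    Observation(10, False, "commodity"),
    Observation(12, True, "commodity"),
    Observation(15, False, "commodity"),
    Observation(20, True, "commodity"),
    Observation(10, False, "bulletproof"),
    Observation(14, True, "bulletproof"),
    Observation(30, False, "bulletproof"),
    Observation(45, False, "bulletproof"),
    Observation(60, True, "bulletproof"),
]


def kaplan_meier(observations: List[Observation]) -> List[Tuple[float, float]]:
    """Return the Kaplan-Meier curve as (time, S(time)) points, starting at (0, 1).

    Censored records stay in the risk set up to and including their censoring
    time but never count as events, which is what lets the estimate use
    domains that were still alive when data collection stopped.
    """
    event_times = sorted({o.lifetime_days for o in observations if o.taken_down})
    survival = 1.0
    curve = [(0.0, 1.0)]
    for t in event_times:
        at_risk = sum(1 for o in observations if o.lifetime_days >= t)       # n_i
        taken_down = sum(1 for o in observations
                         if o.taken_down and o.lifetime_days == t)          # d_i
        survival *= 1.0 - taken_down / at_risk
        curve.append((t, survival))
    return curve


def survival_at(curve: List[Tuple[float, float]], t: float) -> float:
    """Step-function lookup: S(t) is the value at the last event time <= t."""
    value = 1.0
    for time, s in curve:
        if time <= t:
            value = s
        else:
            break
    return value


def median_survival(curve: List[Tuple[float, float]]) -> Optional[float]:
    """First event time at which S(t) drops to 0.5 or below; None if never reached."""
    for time, s in curve:
        if s <= 0.5:
            return time
    return None


def curve_for_group(observations: List[Observation], hosting: str) -> List[Tuple[float, float]]:
    """KM curve restricted to one level of the hosting risk factor."""
    return kaplan_meier([o for o in observations if o.hosting == hosting])


if __name__ == "__main__":
    for group in ("commodity", "bulletproof"):
        curve = curve_for_group(SAMPLE, group)
        print(f"{group}: median lifetime = {median_survival(curve)} days")
        for time, s in curve:
            print(f"  S({time:>4}) = {s:.3f}")
```

Comparing the two per-group curves is the exploratory use the abstract describes: a group whose survival curve sits well above the other is the one whose infrastructure outlives takedown efforts, which is the kind of difference the Cox model then quantifies with covariates.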