Abstract |
Systems and methods for determining whether a computer belongs to a botnet. Message parameter data for messages sent by a first computer is collected over a time period. A first set of distribution data representing a statistical distribution of the messages received from the first computer is generated, the statistical distribution being based on at least one message parameter of the message parameter data. The first set of distribution data is compared with a second set of distribution data corresponding to a statistical distribution of messages sent by a plurality of other computers over the same time period. Based on similarity between the first set of distribution data and at least a portion of the second set of distribution data, whether the first computer belongs to a botnet is determined. |
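The comparison described in the abstract can be sketched as follows. This is an added example, not code from the patent. The choice of message size as the parameter, the bin edges, Jensen-Shannon divergence as the similarity measure, the thresholds, and the sample traffic are all assumptions made for illustration.

```python
import math
from collections import defaultdict

# Constructed sample: (sender, message_size_bytes) seen in one time period.
MESSAGES = (
    [("10.0.0.5", s) for s in [512, 512, 520, 512, 1400, 512, 520, 512]]
    + [("10.0.0.6", s) for s in [512, 520, 512, 512, 512, 1400, 512, 520]]
    + [("10.0.0.7", s) for s in [512, 512, 512, 520, 520, 512, 1400, 512]]
    + [("10.0.0.9", s) for s in [90, 2300, 640, 15000, 310, 7200, 1200, 45]]
)

# Assumed lower bin edges for the message-size histogram (bytes).
BIN_EDGES = [0, 128, 256, 512, 1024, 2048, 4096, 8192, 16384]


def histogram(sizes):
    """Normalised distribution of non-negative message sizes over BIN_EDGES."""
    counts = [0] * len(BIN_EDGES)
    for s in sizes:
        counts[max(i for i, edge in enumerate(BIN_EDGES) if s >= edge)] += 1
    total = sum(counts)
    return [c / total for c in counts]


def js_divergence(p, q):
    """Jensen-Shannon divergence in bits: 0 = identical, 1 = disjoint."""
    m = [(a + b) / 2 for a, b in zip(p, q)]

    def kl(x, y):
        return sum(a * math.log2(a / b) for a, b in zip(x, y) if a > 0)

    return (kl(p, m) + kl(q, m)) / 2


def similar_peers(messages, target, max_divergence=0.05, min_messages=5):
    """Other senders whose distribution closely matches the target's."""
    by_sender = defaultdict(list)
    for sender, size in messages:
        by_sender[sender].append(size)
    if len(by_sender[target]) < min_messages:
        return []  # too few messages to form a meaningful distribution
    ref = histogram(by_sender[target])
    return sorted(
        host for host, sizes in by_sender.items()
        if host != target and len(sizes) >= min_messages
        and js_divergence(ref, histogram(sizes)) <= max_divergence
    )


def flag_botnet_candidate(messages, target, min_peers=2):
    """Flag the target when enough other senders share its distribution."""
    return len(similar_peers(messages, target)) >= min_peers
```

A flag here only marks a sender for review; the thresholds need tuning against known-benign traffic, since legitimate clients of the same software can also produce near-identical distributions.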