Detecting a botnet in a network

We formalize the problem of detecting presence a botnet in network as hypothesis testing where we observe single instance graph. The null hypothesis, corresponding to absence botnet, is modeled random geometric graph every vertex assigned location on $d$-dimensional torus and two vertices are connected when their distance smaller than certain threshold. alternative similar, except that there small number vertices, called ignore this structure simply connect randomly other with prescribed probability. present tests able detect such botnet. first test based idea tend form large isolated stars not under hypothesis. second uses average distance, which becomes significantly shorter show both these asymptotically optimal. However, numerical simulations star performs better networks moderate size. Finally, construct robust scheme also identify