Title :
Web botnet detection based on flow information
Author :
Chen, Chia-Mei ; Ou, Ya-Hui ; Tsai, Yu-Chou
Author_Institution :
Dept. of Inf. Manage., Nat. Sun Yat-Sen Univ., Kaohsiung, Taiwan
Abstract :
Botnets are a combination of cyber attack, infection, and dissemination, and they become one of the most severe threats on the Internet. Cross the Internet, the infected host might launch any kind of attacks such as DDoS (Distributed Denial-of-Service) or Phishing. Comparing with botnets using other command-and-control (C&C) channels, web-based botnets are difficult to detect, because the C&C messages of web botnet are spread over HTTP protocol hiding behind normal flows. Most previous work tackles IRC-based botnet detection, while this study analyzes web botnet behaviors and develops a detection mechanism based on anomaly web flow traffic over an administrative network domain. Web bots exhibit routine and regular web connections which can be used to identify unusual web flow in a network. The experimental results show that the proposed approach can detect web botnets efficiently both in the simulated networks and a real campus network.
Keywords :
Internet; computer network security; invasive software; transport protocols; HTTP protocol; IRC based botnet detection; Internet; Web botnet detection; campus network; command-and-control channels; distributed denial-of-service; flow information; phishing; Computer crime; Conferences; Internet; Local area networks; Malware; Protocols; Servers; Botnet; Botnet Detection; Web-based Botnet;
Conference_Titel :
Computer Symposium (ICS), 2010 International
Conference_Location :
Tainan
Print_ISBN :
978-1-4244-7639-8
DOI :
10.1109/COMPSYM.2010.5685482
