Title :
Detecting HTTP-Based Botnet Based on Characteristic of the C & C Session Using by SVM
Author :
Yamauchi, Kazuto ; Hori, Yoichi ; Sakurai, Kimio
Author_Institution :
Dept. of Inf., Kyushu Univ. /ISIT, Japan
Abstract :
With the spread of computer, the increase of malwareis a serious problem. In some malware, damage caused by bot net is a serious problem. Botnets perform the attack by remote control. The purpose of the present work is to suppress the bot net activity by detecting the C&C traffic through well-suited observations. There already exists many detection techniques, most of which focus on IRC-based bot net, and very little focus on HTTP-based bot net, even less, which include comparisons between both detection techniques. In this work, we focus on the HTTP-based bot net, and in order to classify normal HTTP session and C&C session, we make use of Support Vector Machine.
Keywords :
Internet; hypermedia; invasive software; support vector machines; C&C session; HTTP-based botnet; IRC-based bot net; Internet; SVM; malware; normal HTTP session; remote control; support vector machine; Computers; Feature extraction; IP networks; Malware; Servers; Support vector machines; Vectors; C&C; HTTP-based botnet; Network security; SVM;
Conference_Titel :
Information Security (Asia JCIS), 2013 Eighth Asia Joint Conference on
Conference_Location :
Seoul
DOI :
10.1109/ASIAJCIS.2013.17
