• DocumentCode
    3368998
  • Title

    Detecting HTTP-Based Botnet Based on Characteristic of the C & C Session Using by SVM

  • Author

    Yamauchi, Kazuto ; Hori, Yoichi ; Sakurai, Kimio

  • Author_Institution
    Dept. of Inf., Kyushu Univ. /ISIT, Japan
  • fYear
    2013
  • fDate
    25-26 July 2013
  • Firstpage
    63
  • Lastpage
    68
  • Abstract
    With the spread of computers, the increase of malware is a serious problem. Among malware, the damage caused by botnets is a serious problem. Botnets perform attacks by remote control. The purpose of the present work is to suppress botnet activity by detecting the C&C traffic through well-suited observations. There already exist many detection techniques, most of which focus on IRC-based botnets, and very few of which focus on HTTP-based botnets; even fewer include comparisons between both detection techniques. In this work, we focus on the HTTP-based botnet, and in order to classify normal HTTP sessions and C&C sessions, we make use of a Support Vector Machine.
  • Keywords
    Internet; hypermedia; invasive software; support vector machines; C&C session; HTTP-based botnet; IRC-based bot net; Internet; SVM; malware; normal HTTP session; remote control; support vector machine; Computers; Feature extraction; IP networks; Malware; Servers; Support vector machines; Vectors; C&C; HTTP-based botnet; Network security; SVM;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Security (Asia JCIS), 2013 Eighth Asia Joint Conference on
  • Conference_Location
    Seoul
  • Type

    conf

  • DOI
    10.1109/ASIAJCIS.2013.17
  • Filename
    6621653