DocumentCode :
595559
Title :
Analysis and detection of malicious data exfiltration in web traffic
Author :
Al-Bataineh, Areej ; White, Gannon
Author_Institution :
Dept. of Comput. Sci., Univ. of Texas at San Antonio, San Antonio, TX, USA
fYear :
2012
fDate :
16-18 Oct. 2012
Firstpage :
26
Lastpage :
31
Abstract :
Data stealing botnets pose a great risk to the security of networks and the privacy of their users. Most of these botnets use the web as a medium for communication, making them difficult to detect given that web traffic constitutes about 70% of Internet traffic. In addition, they use obfuscation techniques, primarily encryption, to hide their communications and data exfiltration attempts, making current botnet detection techniques that depend on content inspection ineffective. In this paper, we present an analysis of the data stealing behaviors of one of the most notorious data stealing botnets, Zeus. In addition, we propose a classification algorithm to identify malicious data stealing attempts within web traffic. Our classifier uses entropy and byte frequency distribution of HTTP POST request contents as features. Our evaluation of the classifier shows high accuracy and high efficiency, making it applicable at network perimeter monitoring devices and web proxies.
Keywords :
Internet; computer network security; data privacy; pattern classification; transport protocols; HTTP POST request content; Internet traffic; Web proxy; Web traffic; Zeus botnets; botnet detection technique; byte frequency distribution; classification algorithm; content inspection; data stealing behavior; data stealing botnet; encryption; entropy; hypertext transfer protocol; malicious data exfiltration analysis; malicious data exfiltration detection; network perimeter monitoring device; network security; obfuscation technique; user privacy; Encryption; Entropy; Feature extraction; Malware; Servers; Software;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Malicious and Unwanted Software (MALWARE), 2012 7th International Conference on
Conference_Location :
Fajardo, PR
Print_ISBN :
978-1-4673-4880-5
Type :
conf
DOI :
10.1109/MALWARE.2012.6461004
Filename :
6461004