An efficient false alarm reduction approach in HTTP-based botnet detection

In recent years, bots and botnets have become one of the most dangerous infrastructure to carry out nearly every type of cyber-attack. Their dynamic and flexible nature along with sophisticated mechanisms makes them difficult to detect. One of the latest generations of botnet, called HTTP-based, use...

Bibliographic Details
Published in: IEEE Symposium on Computers and Informatics, ISCI 2013
Main Author: Eslahi M.; Hashim H.; Tahir N.M.
Format: Conference paper
Language: English
Published: IEEE Computer Society 2013
Online Access: https://www.scopus.com/inward/record.uri?eid=2-s2.0-84886463156&doi=10.1109%2fISCI.2013.6612403&partnerID=40&md5=a34d5bcc63bd85818f9231e78556e6c5
DOI: 10.1109/ISCI.2013.6612403
In recent years, bots and botnets have become one of the most dangerous infrastructure to carry out nearly every type of cyber-attack. Their dynamic and flexible nature along with sophisticated mechanisms makes them difficult to detect. One of the latest generations of botnet, called HTTP-based, uses the standard HTTP protocol to impersonate normal web traffic and bypass the current network security systems (e.g. firewalls). Besides, HTTP protocol is commonly used by normal applications and services on the Internet, thus detection of the HTTP botnets with a low rate of false alarms (e.g. false negative and false positive) has become a notable challenge. In this paper, we review the current studies on HTTP-based botnet detection in addition to their shortcomings. We also propose a detection approach to improve the HTTP-based botnet detection regarding the rate of false alarms and the detection of HTTP bots with random patterns. The testing result shows that the proposed method is able to reduce the false alarm rates in HTTP-based botnet detection successfully. © 2013 IEEE.