Periodicity classification of HTTP traffic to detect HTTP Botnets


Bibliographic Details
Published in: ISCAIE 2015 - 2015 IEEE Symposium on Computer Applications and Industrial Electronics
Main Author: Eslahi M.; Rohmad M.S.; Nilsaz H.; Naseri M.V.; Tahir N.M.; Hashim H.
Format: Conference paper
Language: English
Published: Institute of Electrical and Electronics Engineers Inc. 2015
Online Access: https://www.scopus.com/inward/record.uri?eid=2-s2.0-84959056190&doi=10.1109%2fISCAIE.2015.7298339&partnerID=40&md5=ef0faf3ebc16f8a936d5d7a7316b728f
DOI: 10.1109/ISCAIE.2015.7298339
Recently, the HTTP based Botnet threat has become a serious challenge for security experts as Bots can be distributed quickly and stealthily. With the HTTP protocol, Bots hide their communication flows within the normal HTTP flows making them more stealthy and difficult to detect. Furthermore, since the HTTP service is being widely used by the Internet applications, it is not easy to block this service as a precautionary measure and other techniques are required to detect and deter the Bot menace. The HTTP Bots periodically connect to particular web pages or URLs to get commands and updates from the Botmaster. In fact, this identifiable periodic connection pattern has been used in several studies as a feature to detect HTTP Botnets. In this paper, we review the current studies on detection of periodic communications in HTTP Botnets as well as the shortcomings of these methods. Consequently, we propose three metrics to be used in identifying the types of communication patterns according to their periodicity. Test results show that in addition to detecting HTTP Botnet communication patterns with 80% accuracy, the proposed method is able to efficiently classify communication patterns into several periodicity categories. © 2015 IEEE.