Periodicity classification of HTTP traffic to detect HTTP Botnets
Recently, the HTTP based Botnet threat has become a serious challenge for security experts as Bots can be distributed quickly and stealthily. With the HTTP protocol, Bots hide their communication flows within the normal HTTP flows making them more stealthy and difficult to detect. Furthermore, since...
Published in: | ISCAIE 2015 - 2015 IEEE Symposium on Computer Applications and Industrial Electronics |
---|---|
Main Author: | |
Format: | Conference paper |
Language: | English |
Published: | Institute of Electrical and Electronics Engineers Inc. 2015 |
Online Access: | https://www.scopus.com/inward/record.uri?eid=2-s2.0-84959056190&doi=10.1109%2fISCAIE.2015.7298339&partnerID=40&md5=ef0faf3ebc16f8a936d5d7a7316b728f |
id |
2-s2.0-84959056190 |
---|---|
author |
Eslahi M.; Rohmad M.S.; Nilsaz H.; Naseri M.V.; Tahir N.M.; Hashim H. |
title |
Periodicity classification of HTTP traffic to detect HTTP Botnets |
publishDate |
2015 |
container_title |
ISCAIE 2015 - 2015 IEEE Symposium on Computer Applications and Industrial Electronics |
container_volume |
|
container_issue |
|
doi_str_mv |
10.1109/ISCAIE.2015.7298339 |
url |
https://www.scopus.com/inward/record.uri?eid=2-s2.0-84959056190&doi=10.1109%2fISCAIE.2015.7298339&partnerID=40&md5=ef0faf3ebc16f8a936d5d7a7316b728f |
description |
Recently, the HTTP based Botnet threat has become a serious challenge for security experts as Bots can be distributed quickly and stealthily. With the HTTP protocol, Bots hide their communication flows within the normal HTTP flows making them more stealthy and difficult to detect. Furthermore, since the HTTP service is being widely used by the Internet applications, it is not easy to block this service as a precautionary measure and other techniques are required to detect and deter the Bot menace. The HTTP Bots periodically connect to particular web pages or URLs to get commands and updates from the Botmaster. In fact, this identifiable periodic connection pattern has been used in several studies as a feature to detect HTTP Botnets. In this paper, we review the current studies on detection of periodic communications in HTTP Botnets as well as the shortcomings of these methods. Consequently, we propose three metrics to be used in identifying the types of communication patterns according to their periodicity. Test results show that in addition to detecting HTTP Botnet communication patterns with 80% accuracy, the proposed method is able to efficiently classify communication patterns into several periodicity categories. © 2015 IEEE. |
publisher |
Institute of Electrical and Electronics Engineers Inc. |
issn |
|
language |
English |
format |
Conference paper |
accesstype |
|
record_format |
scopus |
collection |
Scopus |