Title :
Analysis of HTTP2P botnet: case study waledac
Author :
Jang, Dae-il ; Kim, Minsoo ; Jung, Hyun-Chul ; Noh, Bong-Nam
Author_Institution :
Syst. Security Res. Center, Chonnam Nat. Univ., Gwangju, South Korea
Abstract :
Malicious botnets are evolving very quickly and use many ways to evade detection systems. The change of protocol is the most important part of the malicious botnet's evolution and evasion techniques. The initial malicious botnets used the IRC protocol for communication between the command and control server and the zombie system. After that, they used the firewall-friendly HTTP protocol and the P2P protocol to escape a client/server architecture. Because many researchers studied malicious HTTP or P2P botnets for detection, malicious botnets began to use a distorted communication method called HTTP2P. In this paper, we study the malicious HTTP2P botnet and aim to help malicious HTTP2P botnet detection by analyzing the Waledac botnet.
Keywords :
client-server systems; peer-to-peer computing; security of data; transport protocols; HTTP protocol; HTTP2P botnet; IRC protocol; P2P protocol; Waledac case study; client-server architecture; distorted communication method; malicious botnet; zombie system; Communication system security; Information analysis; Information security; Internet; National security; Network servers; Protocols; Telecommunication traffic; Topology; Web server; Analysis; Botnet; Detection; HTTP2P; Waledac;
Conference_Title :
Communications (MICC), 2009 IEEE 9th Malaysia International Conference on
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4244-5531-7
DOI :
10.1109/MICC.2009.5431541