Title :
Modeling Connections Behavior for Web-Based Bots Detection
Author :
Wang, Binbin ; Li, Zhitang ; Li, Dong ; Liu, Feng ; Chen, Hao
Author_Institution :
Sch. of Comput. Sci. & Technol., Huazhong Univ. of Sci. & Technol., Wuhan, China
Abstract :
Botnet has become a prevalent platform for malicious attacks, which poses a significant threat to Internet security. Recently, botnets are inclined to utilize HTTP to route their command and control (C&C) communication instead of using the protocol Internet Relay Chat (IRC). And these web-based C&C bots try to blend into normal HTTP traffic, which makes them more difficult to be identified. In this work, we propose an automatic approach to identify web-based C&C bots by modeling the essential network behavior of web-based bots in supervised network. Experimental results show the proposed approach is very efficient and can detect web-base bots with low false positive ratio.
Keywords :
Internet; command and control systems; hypermedia; relays; security of data; telecommunication security; telecommunication traffic; transport protocols; HTTP; Internet relay chat; Internet security; Web-based bots detection; botnet; command and control communication; malicious attacks; modeling connection behavior; supervised network; Automatic control; Command and control systems; Communication system control; Communication system traffic control; Computer science; Internet; Intrusion detection; Protocols; Relays; Web server;
Conference_Titel :
e-Business and Information System Security (EBISS), 2010 2nd International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-5893-6
Electronic_ISBN :
978-1-4244-5895-0
DOI :
10.1109/EBISS.2010.5473532
