DocumentCode :
3231883
Title :
An efficient false alarm reduction approach in HTTP-based botnet detection
Author :
Eslahi, Meisam ; Hashim, Habibah ; Tahir, Nooritawati Md
Author_Institution :
Comput. Syst. & Technol. Dept., Univ. of Malaya, Kuala Lumpur, Malaysia
fYear :
2013
fDate :
7-9 April 2013
Firstpage :
201
Lastpage :
205
Abstract :
In recent years, bots and botnets have become one of the most dangerous infrastructures to carry out nearly every type of cyber-attack. Their dynamic and flexible nature along with sophisticated mechanisms makes them difficult to detect. One of the latest generations of botnet, called HTTP-based, uses the standard HTTP protocol to impersonate normal web traffic and bypass the current network security systems (e.g. firewalls). Besides, the HTTP protocol is commonly used by normal applications and services on the Internet, thus detection of the HTTP botnets with a low rate of false alarms (e.g. false negative and false positive) has become a notable challenge. In this paper, we review the current studies on HTTP-based botnet detection in addition to their shortcomings. We also propose a detection approach to improve the HTTP-based botnet detection regarding the rate of false alarms and the detection of HTTP bots with random patterns. The testing result shows that the proposed method is able to reduce the false alarm rates in HTTP-based botnet detection successfully.
Keywords :
computer network security; telecommunication traffic; transport protocols; HTTP protocol; HTTP-based botnet detection; Internet; cyber-attack; false alarm rates; false alarm reduction; false alarms; network security systems; normal Web traffic; Command and control systems; Computers; Filtering algorithms; Internet; Protocols; Security; Servers; Botnet Detection; Command and Control Mechanism; False Alarm Rate; HTTP Botnet; Network Security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computers & Informatics (ISCI), 2013 IEEE Symposium on
Conference_Location :
Langkawi
Print_ISBN :
978-1-4799-0209-5
Type :
conf
DOI :
10.1109/ISCI.2013.6612403
Filename :
6612403
Link To Document :