Title :
Mining Botnet Behaviors on the Large-Scale Web Application Community
Author :
Garant, D. ; Wei Lu
Author_Institution :
Dept. of Comput. Sci., USNH, Keene, NH, USA
Abstract :
Botnets are networks of compromised computers controlled under a common command and control channel. Recognized as one of the most serious security threats on current Internet infrastructure, botnets are often hidden in existing applications, e.g. IRC, HTTP, or peer-to-peer, which makes botnet detection a challenging problem. In this paper we propose a new, centralized, fully-encrypted, botnet system called Weasel. A set of signatures are examined and formalized to differentiate the behaviors of Weasel and normal web applications. Through these signatures, we apply a set of data mining techniques to detect the web based botnet behaviors on a web application community formed on a campus backbone network. The proposed approach was evaluated with over 400 thousand flows collected over seven consecutive days on a large scale network and results show the proposed approach successfully detects the botnet flows with a high detection rate and an acceptably low false alarm rate.
Keywords :
Internet; computer network security; cryptography; data mining; HTTP; IRC; Internet infrastructure; Weasel; Web applications; Web based botnet behaviors; botnet behaviors mining; botnet detection; campus backbone network; centralized fully-encrypted botnet system; command and control channel; compromised computers; data mining techniques; large-scale Web application community; peer-to-peer; security threats; Computers; Cryptography; Electronic mail; Protocols; Servers; Web services; botnet; data mining; web;
Conference_Titel :
Advanced Information Networking and Applications Workshops (WAINA), 2013 27th International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-1-4673-6239-9
Electronic_ISBN :
978-0-7695-4952-1
DOI :
10.1109/WAINA.2013.235
