DocumentCode
1847771
Title
Analysis of HTTP2P botnet: case study waledac
Author
Jang, Dae-il ; Kim, Minsoo ; Jung, Hyun-Chul ; Noh, Bong-Nam
Author_Institution
Syst. Security Res. Center, Chonnam Nat. Univ., Gwangju, South Korea
fYear
2009
fDate
15-17 Dec. 2009
Firstpage
409
Lastpage
412
Abstract
Malicious botnets are evolving very quickly and use many ways to evade detection systems. The change of protocol is the most important part of the malicious botnet's evolution and evasion techniques. The initial malicious botnets used the IRC protocol for communication between the command and control server and the zombie system. After that, they used the firewall-friendly HTTP protocol, and the P2P protocol to escape a client/server architecture. Because many researchers studied malicious HTTP or P2P botnets for detection, malicious botnets began to use a distorted communication method called HTTP2P. In this paper, we study the malicious HTTP2P botnet, and we aim to help malicious HTTP2P botnet detection by analyzing the Waledac botnet.
Keywords
client-server systems; peer-to-peer computing; security of data; transport protocols; HTTP protocol; HTTP2P botnet; IRC protocol; P2P protocol; Waledac case study; client-server architecture; distorted communication method; malicious botnet; zombie system; Communication system security; Information analysis; Information security; Internet; National security; Network servers; Protocols; Telecommunication traffic; Topology; Web server; Analysis; Botnet; Detection; HTTP2P; Waledac;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications (MICC), 2009 IEEE 9th Malaysia International Conference on
Conference_Location
Kuala Lumpur
Print_ISBN
978-1-4244-5531-7
Type
conf
DOI
10.1109/MICC.2009.5431541
Filename
5431541