Botnet evolution: Network traffic indicators

M.R. Rostami; M. Eslahi; B. Shanmugam; Zakiah Ismail

doi:10.1109/ISBAST.2014.7013134

Botnet evolution: Network traffic indicators

M.R. Rostami, M. Eslahi, B. Shanmugam, Zakiah Ismail

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper published in Proceedings › peer-review

Abstract

In recent years, the HTTP has become dominant protocol among other protocols for the Internet services as it provides a set of rules to manage the data exchange between servers and browsers. On the other hand, this standard protocol has been widely used in the latest generation of botnets to establish their command and control channel and hide their malicious activities among normal Web traffic. Therefore, analyzing HTTP traffic has become a common method in current HTTP-based botnet detection studies. Since the HTTP botnets are a new phenomenon,they have not been fully explored yet. Therefore, in this paper we present an overview of the features and parameters that have been used in existing studies to detect HTTP botnets along with their shortcomings. We also propose a number of HTTP protocol characteristics that can be used for further botnet analysis and detection. © 2014 IEEE.

Original language	English
Title of host publication	Proceedings - 2014 International Symposium on Biometrics and Security Technologies, ISBAST 2014
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	274-279
Number of pages	6
ISBN (Print)	978-147996444-4
DOIs	https://doi.org/10.1109/ISBAST.2014.7013134
Publication status	Published - 16 Jan 2015
Externally published	Yes
Event	4th International Symposium on Biometrics and Security Technologies - Kuala Lumpur, Malaysia Duration: 26 Aug 2014 → 27 Aug 2014

Conference

Conference	4th International Symposium on Biometrics and Security Technologies
Abbreviated title	ISBAST 2014
Period	26/08/14 → 27/08/14

Access to Document

10.1109/ISBAST.2014.7013134

Cite this

@inproceedings{804d8386930a44f09ac2d7786ee7cc26,

title = "Botnet evolution: Network traffic indicators",

abstract = "In recent years, the HTTP has become dominant protocol among other protocols for the Internet services as it provides a set of rules to manage the data exchange between servers and browsers. On the other hand, this standard protocol has been widely used in the latest generation of botnets to establish their command and control channel and hide their malicious activities among normal Web traffic. Therefore, analyzing HTTP traffic has become a common method in current HTTP-based botnet detection studies. Since the HTTP botnets are a new phenomenon,they have not been fully explored yet. Therefore, in this paper we present an overview of the features and parameters that have been used in existing studies to detect HTTP botnets along with their shortcomings. We also propose a number of HTTP protocol characteristics that can be used for further botnet analysis and detection. {\textcopyright} 2014 IEEE.",

keywords = "anomaly detection, Command and Control (C&C) mechanism, HTTP botnet, network security, web traffic analysis, Biometrics, Electronic data interchange, Hypertext systems, Internet, Internet protocols, Malware, Network security, Social networking (online), World Wide Web, Anomaly detection, Botnet detections, Command and control, Internet services, Malicious activities, Network traffic, Standard protocols, Web traffic analysis, HTTP",

author = "M.R. Rostami and M. Eslahi and B. Shanmugam and Zakiah Ismail",

year = "2015",

month = jan,

day = "16",

doi = "10.1109/ISBAST.2014.7013134",

language = "English",

isbn = "978-147996444-4",

pages = "274--279",

booktitle = "Proceedings - 2014 International Symposium on Biometrics and Security Technologies, ISBAST 2014",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States",

note = "4th International Symposium on Biometrics and Security Technologies, ISBAST 2014 ; Conference date: 26-08-2014 Through 27-08-2014",

}

Rostami, MR, Eslahi, M, Shanmugam, B & Ismail, Z 2015, Botnet evolution: Network traffic indicators. in Proceedings - 2014 International Symposium on Biometrics and Security Technologies, ISBAST 2014., 14855341, IEEE, Institute of Electrical and Electronics Engineers, pp. 274-279, 4th International Symposium on Biometrics and Security Technologies, 26/08/14. https://doi.org/10.1109/ISBAST.2014.7013134

Botnet evolution : Network traffic indicators. / Rostami, M.R.; Eslahi, M.; Shanmugam, B. et al.

Proceedings - 2014 International Symposium on Biometrics and Security Technologies, ISBAST 2014. IEEE, Institute of Electrical and Electronics Engineers, 2015. p. 274-279 14855341.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper published in Proceedings › peer-review

TY - GEN

T1 - Botnet evolution

T2 - 4th International Symposium on Biometrics and Security Technologies

AU - Rostami, M.R.

AU - Eslahi, M.

AU - Shanmugam, B.

AU - Ismail, Zakiah

PY - 2015/1/16

Y1 - 2015/1/16

N2 - In recent years, the HTTP has become dominant protocol among other protocols for the Internet services as it provides a set of rules to manage the data exchange between servers and browsers. On the other hand, this standard protocol has been widely used in the latest generation of botnets to establish their command and control channel and hide their malicious activities among normal Web traffic. Therefore, analyzing HTTP traffic has become a common method in current HTTP-based botnet detection studies. Since the HTTP botnets are a new phenomenon,they have not been fully explored yet. Therefore, in this paper we present an overview of the features and parameters that have been used in existing studies to detect HTTP botnets along with their shortcomings. We also propose a number of HTTP protocol characteristics that can be used for further botnet analysis and detection. © 2014 IEEE.

AB - In recent years, the HTTP has become dominant protocol among other protocols for the Internet services as it provides a set of rules to manage the data exchange between servers and browsers. On the other hand, this standard protocol has been widely used in the latest generation of botnets to establish their command and control channel and hide their malicious activities among normal Web traffic. Therefore, analyzing HTTP traffic has become a common method in current HTTP-based botnet detection studies. Since the HTTP botnets are a new phenomenon,they have not been fully explored yet. Therefore, in this paper we present an overview of the features and parameters that have been used in existing studies to detect HTTP botnets along with their shortcomings. We also propose a number of HTTP protocol characteristics that can be used for further botnet analysis and detection. © 2014 IEEE.

KW - anomaly detection

KW - Command and Control (C&C) mechanism

KW - HTTP botnet

KW - network security

KW - web traffic analysis

KW - Biometrics

KW - Electronic data interchange

KW - Hypertext systems

KW - Internet

KW - Internet protocols

KW - Malware

KW - Network security

KW - Social networking (online)

KW - World Wide Web

KW - Anomaly detection

KW - Botnet detections

KW - Command and control

KW - Internet services

KW - Malicious activities

KW - Network traffic

KW - Standard protocols

KW - Web traffic analysis

KW - HTTP

UR - https://www.scopus.com/record/display.uri?eid=2-s2.0-84922789067&doi=10.1109%2fISBAST.2014.7013134&origin=inward&txGid=df456389ac85bd4c1c50999c9cfbeeb8

U2 - 10.1109/ISBAST.2014.7013134

DO - 10.1109/ISBAST.2014.7013134

M3 - Conference Paper published in Proceedings

SN - 978-147996444-4

SP - 274

EP - 279

BT - Proceedings - 2014 International Symposium on Biometrics and Security Technologies, ISBAST 2014

PB - IEEE, Institute of Electrical and Electronics Engineers

Y2 - 26 August 2014 through 27 August 2014

ER -

Botnet evolution: Network traffic indicators

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Cite this