Survey of Approaches and Features for the Identification of HTTP-Based Botnet Traffic

Article English OPEN
Acarali, D. ; Rajarajan, M. ; Komninos, N. ; Herwono, I. (2016)

Botnet use is on the rise, with a growing number of botmasters now switching to the HTTP-based C&C infrastructure. This offers them more stealth by allowing them to blend in with benign web traffic. Several works have been carried out aimed at characterising or detecting HTTP-based bots, many of which use network communication features as identifiers of botnet behaviour. In this paper, we present a survey of these approaches and the network features they use in order to highlight how botnet traffic is currently differentiated from normal traffic. We classify papers by traffic types, and provide a breakdown of features by protocol. In doing so, we hope to highlight the relationships between features at the application, transport and network layers.
  • References (40)
    40 references, page 1 of 4

    Al-Bataineh, A., & White, G. (2012). Analysis and detection of malicious data ex ltration in web tra c. In Malicious and Unwanted Software (MALWARE), 2012 7th International Conference on (pp. 26{31). doi:10.1109/MALWARE.2012.6461004.

    Andrade, M., & Vlajic, N. (2012). Dirt jumper: A key player in today's botnet-for-ddos market. In Internet Security (WorldCIS), 2012 World Congress on (pp. 239{244).

    Beigi, E., Jazi, H., Stakhanova, N., & Ghorbani, A. (2014). Towards e ective feature selection in machine learning-based botnet detection approaches. In Communications and Network Security (CNS), 2014 IEEE Conference on (pp. 247{255). doi:10.1109/ CNS.2014.6997492.

    Binsalleeh, H., Ormerod, T., Boukhtouta, A., Sinha, P., Youssef, A., Debbabi, M., & Wang, L. (2010). On the analysis of the zeus botnet crimeware toolkit. In Privacy Security and Trust (PST), 2010 Eighth Annual International Conference on (pp. 31{ 38). doi:10.1109/PST.2010.5593240.

    Borgaonkar, R. (2010). An analysis of the asprox botnet. In Emerging Security Information Systems and Technologies (SECURWARE), 2010 Fourth International Conference on (pp. 148{153). doi:10.1109/SECURWARE.2010.32.

    Cai, T., & Zou, F. (2012). Detecting http botnet with clustering network tra c. In Wireless Communications, Networking and Mobile Computing (WiCOM), 2012 8th International Conference on (pp. 1{7). doi:10.1109/WiCOM.2012.6478491.

    Eslahi, M., Hashim, H., & Tahir, N. (2013). An e cient false alarm reduction approach in http-based botnet detection. In Computers Informatics (ISCI), 2013 IEEE Symposium on (pp. 201{205). doi:10.1109/ISCI.2013.6612403.

    Eslahi, M., Rohmad, M., Nilsaz, H., Naseri, M., Tahir, N., & Hashim, H. (2015). Periodicity classi cation of http tra c to detect http botnets. In Computer Applications Industrial Electronics (ISCAIE), 2015 IEEE Symposium on (pp. 119{123). doi:10.1109/ISCAIE.2015.7298339.

    Etemad, F., & Vahdani, P. (2012). Real-time botnet command and control characterization at the host level. In Telecommunications (IST), 2012 Sixth International Symposium on (pp. 1005{1009). doi:10.1109/ISTEL.2012.6483133.

    Farina, P., Cambiaso, E., Papaleo, G., & Aiello, M. (2016). Are mobile botnets a possible threat? the case of slowbot net. Computers & Security, 58 , 268{283.

  • Similar Research Results (7)
  • Metrics
    views in OpenAIRE
    views in local repository
    downloads in local repository

    The information is available from the following content providers:

    From Number Of Views Number Of Downloads
    City Research Online - IRUS-UK 0 288
Share - Bookmark