Correlation-based HTTP Botnet detection using network communication histogram analysis

Author: Meisam Eslahi, Wardah Zainal Abidin, Maryam Var Naseri
Year of publication: 2017
Subject:
Source: 2017 IEEE Conference on Application, Information and Network Security (AINS).
DOI: 10.1109/ains.2017.8270416
Description: The latest generation of Botnets uses the HTTP protocol and port 80 as its communication medium in order to pass as normal web traffic and evade current security solutions. In addition, the Botmasters who control the infected devices employ several techniques, such as encryption, code obfuscation, anti-honeypot capabilities and randomised communication patterns, to keep their Bots undetected for as long as possible. However, Bots are designed as a coordinated form of organised cyberattack: they carry out synchronised attacks as a group. The similarities in these cooperative group activities can therefore be used as an effective measure to distinguish Bots from normal users. In this paper, we propose a histogram-based behaviour analysis approach that captures the number of web requests issued by HTTP Bots and the diversity of the time gaps between those requests. Building on this, a correlation-based communication histogram analysis approach is designed to detect HTTP Botnets from the similarity and correlation of their group activities. The proposed correlation-based HTTP Botnet detection model detected HTTP Bots with high accuracy and a very low false-positive rate.
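As an added illustration of the approach the abstract sketches (this is not the authors' code and does not reproduce the paper's experiments), the following Python builds, per client IP, a normalised histogram of requests per 60-second window and a normalised histogram of inter-request time gaps from a constructed proxy log, computes the Pearson correlation of those histograms between every pair of hosts, and groups hosts whose correlation exceeds a threshold. The window size, gap-bin edges, minimum request count, correlation threshold, IP addresses, URL paths and log format are all assumptions chosen for the example, not values taken from the paper.

```python
"""Correlation of per-host request-count and time-gap histograms.

Added example, not the authors' code. Bin edges, window size, threshold
and the log itself are assumptions made for this illustration.
"""
import bisect
import math
from collections import defaultdict
from itertools import combinations

WINDOW_SECONDS = 60.0                     # assumed width of request-count bins
GAP_EDGES = [0.0, 2.0, 5.0, 15.0, 60.0]   # assumed gap bins [0,2),[2,5),[5,15),[15,60),[60,inf)
MIN_REQUESTS = 5                          # assumed: hosts with fewer requests are not scored
CORR_THRESHOLD = 0.95                     # assumed: correlation that counts as "same group"


def constructed_log():
    """Constructed log lines in the form '<epoch_seconds> <client_ip> <method> <path>'."""
    lines = []
    # three hypothetical bots polling a C2 path every 10 s, almost in lockstep
    for i, ip in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13"]):
        for k in range(30):
            if i == 2 and k == 15:        # one bot misses a beacon, producing a 20 s gap
                continue
            lines.append(f"{10.0 * k + 0.3 * i:.2f} {ip} GET /gate.php")
    # two hypothetical human users with irregular browsing patterns
    user_a = [0, 1, 1.5, 2, 40, 41, 95, 96, 97, 180, 181, 182, 183, 260, 290]
    user_b = [3, 120, 122, 124, 126, 128, 130, 133, 136, 139, 142, 200, 240, 241, 290]
    lines += [f"{t:.2f} 192.168.1.20 GET /news/{n}" for n, t in enumerate(user_a)]
    lines += [f"{t:.2f} 192.168.1.21 GET /video/{n}" for n, t in enumerate(user_b)]
    lines.append("12.00 192.168.1.99 GET /robots.txt")   # too few requests to score
    return lines


def parse_requests(lines):
    """Group request timestamps by client IP, sorted per host."""
    per_host = defaultdict(list)
    for line in lines:
        ts, ip, _method, _path = line.split(maxsplit=3)
        per_host[ip].append(float(ts))
    return {ip: sorted(ts) for ip, ts in per_host.items()}


def feature_vector(timestamps, n_windows):
    """Normalised requests-per-window histogram followed by the normalised
    inter-request time-gap histogram, concatenated into one vector."""
    counts = [0] * n_windows
    for t in timestamps:
        counts[int(t // WINDOW_SECONDS)] += 1
    gaps = [0] * len(GAP_EDGES)
    for a, b in zip(timestamps, timestamps[1:]):
        gaps[bisect.bisect_right(GAP_EDGES, b - a) - 1] += 1
    n_req, n_gap = len(timestamps), max(1, sum(gaps))
    return [c / n_req for c in counts] + [g / n_gap for g in gaps]


def pearson(x, y):
    """Pearson correlation; a zero-variance vector yields 0 instead of NaN."""
    mx, my = sum(x) / len(x), sum(y) / len(y)
    dx = [a - mx for a in x]
    dy = [b - my for b in y]
    den = math.sqrt(sum(a * a for a in dx) * sum(b * b for b in dy))
    return 0.0 if den == 0 else sum(a * b for a, b in zip(dx, dy)) / den


def host_features(lines):
    """Feature vector per host; the window count is derived from the log span."""
    hosts = parse_requests(lines)
    t_max = max(t for ts in hosts.values() for t in ts)
    n_windows = int(t_max // WINDOW_SECONDS) + 1
    return {ip: feature_vector(ts, n_windows)
            for ip, ts in hosts.items() if len(ts) >= MIN_REQUESTS}


def pair_correlation(lines, ip_a, ip_b):
    feats = host_features(lines)
    return pearson(feats[ip_a], feats[ip_b])


def correlated_groups(lines, threshold=CORR_THRESHOLD):
    """Sets of hosts whose histograms correlate above the threshold, joined
    transitively with union-find; singletons are dropped."""
    feats = host_features(lines)
    parent = {ip: ip for ip in feats}

    def find(ip):
        while parent[ip] != ip:
            parent[ip] = parent[parent[ip]]
            ip = parent[ip]
        return ip

    for a, b in combinations(sorted(feats), 2):
        if pearson(feats[a], feats[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = defaultdict(set)
    for ip in feats:
        groups[find(ip)].add(ip)
    return [g for g in groups.values() if len(g) > 1]


if __name__ == "__main__":
    for group in correlated_groups(constructed_log()):
        print("bot candidate group:", sorted(group))
```

On this constructed log the three beaconing hosts correlate at about 0.999 with each other and negatively with both human users, so they form the only reported group. Two points a practitioner would check before deploying something like this: the threshold and bin edges need tuning against real traffic, since two humans on similar sites can correlate more strongly than expected, and the transitive grouping means one borderline pair can merge two otherwise unrelated clusters. Hosts sharing a NAT address and bots that add deliberate jitter to their polling interval both blur the histograms the method relies on.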
Database: OpenAIRE