Detecting HTTP-Based Botnet Based on Characteristic of the C & C Session Using by SVM

Kazumasa Yamauchi, Y. Hori, K. Sakurai
Published in: 2013 Eighth Asia Joint Conference on Information Security, 2013-07-25
DOI: 10.1109/ASIAJCIS.2013.17 (https://doi.org/10.1109/ASIAJCIS.2013.17)
Citations: 7

Abstract

With the spread of computers, the increase of malware is a serious problem. In some malware, damage caused by botnets is a serious problem. Botnets perform the attack by remote control. The purpose of the present work is to suppress botnet activity by detecting the C&C traffic through well-suited observations. There already exist many detection techniques, most of which focus on IRC-based botnets; very few focus on HTTP-based botnets, and even fewer include comparisons between both detection techniques. In this work, we focus on HTTP-based botnets, and in order to classify normal HTTP sessions and C&C sessions, we make use of a Support Vector Machine.