Authors: Agung Udiyono, Charles Lim, Lukas
DOI: 10.1145/3429789.3429818 (https://doi.org/10.1145/3429789.3429818)
Published in: Proceedings of the 2021 International Conference on Engineering and Information Technology for Sustainable Industry
Publication date: 2020-09-28
Botnet Detection Using DNS and HTTP Traffic Analysis
To perform a large-scale attack on a victim, a cyber attacker usually prepares thousands, if not millions, of infected computers to accomplish the goal. Once the infected computers, collectively called a botnet, are ready, they communicate with a Command and Control (C&C) server to obtain instructions for the actions they are to perform. Botnets try to disguise this communication as regular traffic by using common protocols such as HTTP, so that their conversation with the C&C server is not blocked by the firewall. This research explores the footprints botnets leave in both HTTP and DNS protocols and analyzes their behaviors in order to select the most appropriate HTTP and DNS features for use in our classification model. The developed model has been shown to provide 86% accuracy in distinguishing botnet traffic from benign traffic on an enterprise network.