Detecting HTTP-Based Botnets by Investigating DNS and HTTP Traffic
Date Issued
2010
Author(s)
Kao, Jian-Nan
Abstract
Because of their ability to assemble a tremendous amount of aggregate computing power, botnets have been recognized as one of the largest threats to Internet security today. With the prevalence of various network services, HTTP-based botnets make up a considerable portion of newly appearing botnets, because botnet traffic can be hidden in the vast majority of web traffic to evade detection. The difference between botnet traffic and normal traffic is that the traffic of a group of bots shows regularity. Therefore, to detect HTTP-based botnets effectively, this study proposes an approach based on monitoring the group features of DNS and HTTP traffic on the Internet. It first finds possible botnet groups from DNS traffic and then checks the HTTP traffic of these groups, observing the group features of that HTTP traffic to judge whether the group is a botnet or not. After evaluation with real-world botnet traces, we show that this approach can detect HTTP-based botnets effectively.
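The two-stage idea in the abstract (build candidate groups from shared DNS lookups, then judge each group by how regular and how alike its members' HTTP requests are) can be sketched as a small detector over flow logs. The code below is an added illustration written for this page, not the thesis's own implementation: the log format, the chosen group features (coefficient of variation of inter-request intervals, Jaccard similarity of request paths), the thresholds and the sample traffic are all assumptions made here, and the thesis's actual features and evaluation are not reproduced.

```python
"""Group-based HTTP botnet detection over DNS and HTTP logs.

Added example, not the thesis's code. Log layout, features, thresholds and
sample data are assumptions chosen for this illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Assumed tunables for this example (not values from the thesis)
MIN_GROUP_SIZE = 3           # a candidate group needs at least this many distinct clients
MAX_CV = 0.25                # inter-request-interval CV at or below this counts as "regular"
MIN_PATH_SIMILARITY = 0.8    # mean pairwise Jaccard similarity of request paths across members
MIN_REGULAR_FRACTION = 0.75  # fraction of members that must show regular timing


def dns_groups(dns_records, min_size=MIN_GROUP_SIZE):
    """Stage 1: candidate groups are the sets of clients that resolved the same name.

    dns_records: iterable of (timestamp, client_ip, queried_name).
    """
    clients_by_name = defaultdict(set)
    for _ts, client, qname in dns_records:
        clients_by_name[qname.lower().rstrip(".")].add(client)
    return {name: clients for name, clients in clients_by_name.items()
            if len(clients) >= min_size}


def interval_cv(timestamps):
    """Coefficient of variation of inter-request gaps; 0.0 means perfectly periodic.

    Returns None when there are too few requests to judge regularity.
    """
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None
    m = mean(gaps)
    return pstdev(gaps) / m if m > 0 else None


def jaccard(a, b):
    """Set similarity in [0, 1]; empty sets compare as 0."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def group_features(http_records, host, clients):
    """Stage 2: timing regularity and request similarity of one candidate group.

    http_records: iterable of (timestamp, client_ip, host, path, user_agent).
    """
    times = defaultdict(list)
    paths = defaultdict(set)
    for ts, client, h, path, _ua in http_records:
        if h == host and client in clients:
            times[client].append(ts)
            paths[client].add(path)
    cvs = []
    for c in clients:
        cv = interval_cv(times[c])
        if cv is not None:
            cvs.append(cv)
    if not cvs:
        return None  # group resolved the name but produced no usable HTTP traffic
    regular = sum(1 for cv in cvs if cv <= MAX_CV) / len(cvs)
    members = [c for c in clients if paths[c]]
    sims = [jaccard(paths[a], paths[b])
            for i, a in enumerate(members) for b in members[i + 1:]]
    return {"members": len(cvs),
            "regular_fraction": regular,
            "path_similarity": mean(sims) if sims else 0.0}


def detect(dns_records, http_records):
    """Run both stages and return a verdict dict keyed by host name."""
    verdicts = {}
    for host, clients in dns_groups(dns_records).items():
        f = group_features(http_records, host, clients)
        if f is None:
            continue
        f["botnet"] = (f["regular_fraction"] >= MIN_REGULAR_FRACTION
                       and f["path_similarity"] >= MIN_PATH_SIMILARITY)
        verdicts[host] = f
    return verdicts


def sample_logs():
    """Constructed sample traffic (not a real trace): four bots beaconing every
    60 s to c2.example with an identical path, and four users browsing
    news.example at irregular intervals to distinct pages."""
    dns, http = [], []
    bots = ["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]
    users = ["10.0.0.21", "10.0.0.22", "10.0.0.23", "10.0.0.24"]
    for i, c in enumerate(bots):
        dns.append((i, c, "c2.example."))
        for k in range(6):
            http.append((i + 60 * k, c, "c2.example", "/gate.php", "Mozilla/4.0"))
    user_gaps = [[5, 40, 3, 120, 9], [30, 2, 80, 15, 200],
                 [1, 60, 7, 7, 150], [20, 300, 4, 45, 2]]
    for i, c in enumerate(users):
        dns.append((i, c, "news.example."))
        t = 0
        for k, g in enumerate(user_gaps[i]):
            t += g
            http.append((t, c, "news.example", f"/story/{i * 10 + k}", "Mozilla/5.0"))
    return dns, http


if __name__ == "__main__":
    for host, verdict in detect(*sample_logs()).items():
        print(host, verdict)
```

Both stages are cheap because stage 1 only needs DNS query names and client addresses, so the more expensive per-request HTTP features are computed only for groups that already share a resolved name. In practice the regularity threshold has to tolerate jitter that bots add deliberately, and a popular benign site will also form large DNS groups, which is exactly why the abstract relies on the HTTP-side group features rather than DNS co-resolution alone.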
Subjects
Botnets
DNS traffic
HTTP traffic
Group characteristics
Regularity in traffic
Type
thesis
File(s)
Name
ntu-99-R97944039-1.pdf
Size
23.32 KB
Format
Adobe PDF
Checksum
(MD5):a386b2f0031a02a77c72bc5a9b03a4a6
