Abstract | ||
---|---|---|
Botnets are networks of compromised computers controlled under a common command and control channel. Recognized as one of the most serious security threats on current Internet infrastructure, botnets are often hidden in existing applications, e.g. IRC, HTTP, or peer-to-peer, which makes botnet detection a challenging problem. In this paper we propose a new, centralized, fully-encrypted botnet system called Weasel. A set of signatures is examined and formalized to differentiate the behaviors of Weasel and normal web applications. Through these signatures, we apply a set of data mining techniques to detect the web-based botnet behaviors on a web application community formed on a campus backbone network. The proposed approach was evaluated with over 400 thousand flows collected over seven consecutive days on a large-scale network, and results show the proposed approach successfully detects the botnet flows with a high detection rate and an acceptably low false alarm rate. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1109/WAINA.2013.235 | AINA Workshops |
Keywords | Field | DocType |
botnet system,campus backbone network,normal web application,acceptably low false alarm,large-scale web application community,botnet flow,mining botnet behaviors,large scale network,botnet behavior,web application community,high detection rate,botnet,data mining,web services,web applications,servers,web,cryptography,protocols,http,computer network security,internet | Cutwail botnet,ZeroAccess botnet,Rustock botnet,Computer security,Srizbi botnet,Computer science,Botnet,Computer network,Asprox botnet,Web application security,Mariposa botnet | Conference |
Volume | Issue | ISSN |
34 | 2 | 1072-5830 |
Citations | PageRank | References |
2 | 0.39 | 8 |
Authors | ||
2 |
Name | Order | Citations | PageRank |
---|---|---|---|
Daniel Garant | 1 | 66 | 5.19 |
Wei Lu | 2 | 703 | 30.81 |