
Web-based Botnet Detection Based on Flow Information

A botnet combines cyber attack, infection, and dissemination. Across the Internet, infected hosts may launch DDoS (Distributed Denial-of-Service) attacks or act as proxies sending spam, following commands that botmasters deliver over public services such as IRC, P2P, or the Web (HTTP). Among these command-and-control channels, Web-based botnets are much more difficult to detect because their command-and-control messages travel over HTTP and hide among normal flows.
In this research, we focus on the analysis and detection of Web-based botnets, using the following features: timeslot, NetFlow calculation, and the B2S (Bot to Server) and S2B (Server to Bot) features of Web-based botnets. The experimental results show that the proposed approach, which uses the features mentioned above, performs well across many different topology designs. In addition, we obtained a good detection rate in a real network design.

Identifier: oai:union.ndltd.org:NSYSU/oai:NSYSU:etd-0908109-145449
Date: 08 September 2009
Creators: Tsai, Yu-Chou
Contributors: Chia-Mei Chen, Bing-Chiang Cheng, Sheng-Tzong Cheng, D. J. Guan
Publisher: NSYSU
Source Sets: NSYSU Electronic Thesis and Dissertation Archive
Language: Cholon
Detected Language: English
Type: text
Format: application/pdf
Source: http://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0908109-145449
Rights: not_available, Copyright information available at source archive
