Security and Communication Networks
Volume 2017 (2017), Article ID 5960307, 11 pages
https://doi.org/10.1155/2017/5960307
Research Article

Detecting Web-Based Botnets Using Bot Communication Traffic Features

1Department of Computer Science and Information Engineering, National Central University, Taoyuan, Taiwan
2School of Applied Foreign Languages, Chung Shan Medical University, Taichung, Taiwan
3Department of Computer Science and Information Engineering, National Chung Cheng University, Chiayi, Taiwan

Correspondence should be addressed to Chih-Wen Ou; moc.liamg@uoknarf.newhihc

Received 28 March 2017; Revised 18 June 2017; Accepted 25 September 2017; Published 3 December 2017

Academic Editor: Steffen Wendzel

Copyright © 2017 Fu-Hau Hsu et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. M. Abu Rajab, J. Zarfoss, F. Monrose, and A. Terzis, “A multifaceted approach to understanding the botnet phenomenon,” in Proceedings of the 6th ACM SIGCOMM on Internet Measurement Conference, IMC 2006, pp. 41–52, Brazil, October 2006.
  2. D. Dagon, O. Gu, C. P. Lee, and W. Lee, “A taxonomy of botnet structures,” in Proceedings of the 23rd Annual Computer Security Applications Conference, ACSAC 2007, pp. 325–338, Miami Beach, Fla, USA, December 2007.
  3. G. Gu, J. Zhang, and W. Lee, “Botsniffer: Detecting botnet command and control channels in network traffic,” in NDSS, The Internet Society, 2008.
  4. FBI. Botnets 101 What They Are and How to Avoid Them, 2013.
  5. A. K. Sood, R. J. Enbody, and R. Bansal, “Dissecting spyeye-understanding the design of third generation botnets,” Computer Networks, vol. 57, no. 2, pp. 436–450, 2013.
  6. H. Binsalleeh, T. Ormerod, A. Boukhtouta et al., “On the analysis of the Zeus botnet crimeware toolkit,” in Proceedings of the 2010 8th International Conference on Privacy, Security and Trust, PST 2010, pp. 31–38, Canada, August 2010.
  7. G. Gu, V. Yegneswaran, P. Porras, J. Stoll, and W. Lee, “Active botnet probing to identify obscure command and control channels,” in Proceedings of the 25th Annual Computer Security Applications Conference, ACSAC 2009, pp. 241–253, Honolulu, Hawaii, USA, December 2009.
  8. C. Livadas, R. Walsh, D. Lapsley, and W. T. Strayer, “Using machine learning techniques to identify botnet traffic,” in Proceedings of the 31st Annual IEEE Conference on Local Computer Networks (LCN '06), pp. 967–974, Tampa, Fla, USA, November 2006.
  9. A. Karasaridis, B. Rexroad, and D. Hoeflin, “Wide-scale botnet detection and characterization,” in Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, HotBots'07, p. 7, USENIX Association, Berkeley, Calif, USA, 2007.
  10. T. Cai and F. Zou, “Detecting HTTP botnet with clustering network traffic,” in Proceedings of the 8th International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM '12), pp. 1–7, September 2012.
  11. E. J. Kartaltepe, J. A. Morales, S. Xu, and R. Sandhu, “Social network-based botnet command-and-control: emerging threats and countermeasures,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics): Preface, vol. 6123, pp. 511–528, 2010.
  12. Cisco. NetFlow Services Solutions Guide, 2007.
  13. Behind Phishing: An Examination of Phisher Modi Operandi.
  14. Global Phishing Survey: Trends and Domain Name Use in 2H2009.
  15. Information and Communication Security Technology Center.
  16. G. K. Venkatesh and R. A. Nadarajan, “HTTP botnet detection using adaptive learning rate multilayer feed-forward neural network,” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics): Preface, vol. 7322, pp. 38–48, 2012.
  17. D. Zhao, I. Traore, B. Sayed et al., “Botnet detection based on traffic behavior analysis and flow intervals,” Computers & Security, vol. 39, pp. 2–16, 2013.
  18. F.-H. Hsu, C.-S. Wang, C.-H. Hsu, C.-K. Tso, L.-H. Chen, and S.-H. Lin, “Detect fast-flux domains through response time differences,” IEEE Journal on Selected Areas in Communications, vol. 32, no. 10, pp. 1947–1956, 2014.
  19. G. Gu, R. Perdisci, J. Zhang, and W. Lee, “Botminer: Clustering analysis of network traffic for protocol- and structure-independent botnet detection,” in Proceedings of the 17th Conference on Security Symposium, SS'08, pp. 139–154, USENIX Association, Berkeley, Calif, USA, 2008.
  20. G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee, “Bothunter: Detecting malware infection through ids-driven dialog correlation,” in Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, SS'07, pp. 12:1–12:16, Berkeley, Calif, USA, 2007.
  21. F. Yu, Y. Xie, and Q. Ke, “SBotMiner: Large scale search bot detection,” in Proceedings of the 3rd ACM International Conference on Web Search and Data Mining, WSDM 2010, pp. 421–430, USA, February 2010.
  22. A. Zand, G. Vigna, X. Yan, and C. Kruegel, “Extracting probable command and control signatures for detecting botnets,” in Proceedings of the 29th Annual ACM Symposium on Applied Computing, SAC 2014, pp. 1657–1662, Republic of Korea, March 2014.
  23. K. Wang, C. Huang, S. Lin, and Y. Lin, “A fuzzy pattern-based filtering algorithm for botnet detection,” Computer Networks, vol. 55, no. 15, pp. 3275–3286, 2011.
  24. J. Zhang, R. Perdisci, W. Lee, X. Luo, and U. Sarfraz, “Building a scalable system for stealthy P2P-botnet detection,” IEEE Transactions on Information Forensics and Security, vol. 9, no. 1, pp. 27–38, 2014.
  25. S. Khattak, N. R. Ramay, K. R. Khan, A. A. Syed, and S. A. Khayam, “A Taxonomy of botnet behavior, detection, and defense,” IEEE Communications Surveys & Tutorials, vol. 16, no. 2, pp. 898–924, 2014.
  26. B. Stone-Gross, M. Cova, L. Cavallaro et al., “Your botnet is my botnet: Analysis of a botnet takeover,” in Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS'09, pp. 635–647, New York, NY, USA, November 2009.
  27. Y. Nadji, M. Antonakakis, R. Perdisci, D. Dagon, and W. Lee, “Beheading hydras: Performing effective botnet takedowns,” in Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013, pp. 121–132, Germany, November 2013.
  28. R. Perdisci, W. Lee, and N. Feamster, “Behavioral clustering of http-based malware and signature generation using malicious network traces,” in Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation, NSDI'10, p. 26, Berkeley, Calif, USA, 2010.
  29. T.-S. Wang, C.-S. Lin, and H.-T. Lin, “DGA botnet detection utilizing social network analysis,” in Proceedings of the 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016, pp. 333–336, China, July 2016.
  30. N. Venkatachalam and R. Anitha, “A multi-feature approach to detect Stegobot: a covert multimedia social network botnet,” Multimedia Tools and Applications, vol. 76, no. 4, pp. 6079–6096, 2017.
  31. E. Ferrara, O. Varol, C. Davis, F. Menczer, and A. Flammini, “The rise of social bots,” Communications of the ACM, vol. 59, no. 7, pp. 96–104, 2016.
  32. E. Bertino and N. Islam, “Botnets and internet of things security,” The Computer Journal, vol. 50, no. 2, Article ID 7842850, pp. 76–79, 2017.
  33. R. Hallman, J. Bryan, G. Palavicini, J. Divita, and J. Romero-Mariona, IoDDoS: the internet of distributed denial of service attacks, 2017.
  34. M. Eslahi, R. Salleh, and N. B. Anuar, “MoBots: A new generation of botnets on mobile devices and networks,” in Proceedings of the 2012 IEEE Symposium on Computer Applications and Industrial Electronics, ISCAIE 2012, pp. 262–266, Malaysia, December 2012.
  35. C. Adams, SMS botnet detection on mobile devices, May 24, 2016. US Patent 9,351,167.