Conference paper, IEEE International Conference on Communications

Using anomaly detection based techniques to detect HTTP-based botnet CC traffic

Abstract

HTTP is becoming the most preferred channel for command and control (C&C) communication of botnets. One of the main reasons is that it is very easy to hide C&C traffic in the massive volume of browser-generated Web traffic. However, detecting these HTTP-based C&C packets, which constitute only a minuscule portion of everyday HTTP traffic, is a formidable task. In this paper, we present an anomaly-detection-based approach to detecting HTTP-based C&C traffic using statistical features derived from client-generated HTTP request packets and DNS-server-generated response packets. We use three different unsupervised anomaly detection techniques to isolate suspicious communications that have a high probability of being part of a botnet's C&C communication. Results indicate that our method can achieve a detection rate above 90% while maintaining a reasonably low false positive rate.
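The abstract describes the approach only at a high level. The following added example (not code from the paper or its authors) sketches what a flow-level pipeline of that shape can look like: it groups constructed HTTP request records by (client, destination host), computes three statistical features per flow, one of them taken from constructed DNS answer data, and scores flows with a robust z-score outlier detector. Everything in it is an assumption for illustration: the abstract names neither the paper's feature set nor its three unsupervised techniques, so the features, the detector, the threshold, and the sample hosts and addresses are all invented here.

```python
"""Flow-level HTTP C&C anomaly scoring: an added illustration, not the paper's code.

Assumed features (the paper's abstract does not list its feature set):
  1. coefficient of variation of inter-request gaps (beacons are regular, so low)
  2. URI diversity = distinct URIs / requests (C&C polls reuse one path, so low)
  3. log10 of the DNS TTL the resolver returned for the host (short-lived records, so low)
Assumed detector: robust z-scores (median / MAD) per feature, combined as a
Euclidean norm; flows above a fixed threshold are flagged.
"""
import math
import statistics
from collections import defaultdict

# Constructed sample traffic (invented hosts and addresses): one flow per
# (client, host), each a list of (t_seconds, uri). The first is a planted
# 60 s poll of a single path; the rest mimic bursty, varied browsing.
FLOWS = [
    ("10.0.0.5", "cdn-update.example.net", [(t, "/gate.php") for t in range(0, 301, 60)]),
    ("10.0.0.7", "news.example.com",
     [(0, "/"), (5, "/a.css"), (6, "/b.js"), (45, "/story/1"), (200, "/story/2")]),
    ("10.0.0.7", "shop.example.org",
     [(0, "/"), (3, "/img/1.png"), (90, "/cart"), (91, "/img/2.png"), (400, "/checkout"), (402, "/img/3.png")]),
    ("10.0.0.9", "mail.example.com",
     [(0, "/inbox"), (30, "/msg/1"), (31, "/msg/2"), (32, "/inbox"), (600, "/msg/3")]),
    ("10.0.0.9", "wiki.example.org",
     [(0, "/wiki/A"), (8, "/static/x.css"), (60, "/wiki/B"), (61, "/static/y.js"), (62, "/static/z.png"), (500, "/wiki/C")]),
    ("10.0.0.5", "video.example.net",
     [(0, "/watch"), (2, "/seg/1.ts"), (4, "/seg/2.ts"), (7, "/seg/3.ts"), (30, "/watch"), (31, "/seg/4.ts")]),
]
# Flatten into per-request records of the shape a proxy log would give.
HTTP_REQUESTS = [(t, c, h, u) for c, h, reqs in FLOWS for t, u in reqs]

# Constructed DNS answers observed for those hosts: host -> TTL in seconds.
DNS_TTL = {
    "cdn-update.example.net": 30,
    "news.example.com": 300,
    "shop.example.org": 3600,
    "mail.example.com": 1800,
    "wiki.example.org": 900,
    "video.example.net": 7200,
}

MIN_REQUESTS = 3  # fewer gives no usable gap statistics; such flows are skipped


def flow_features(requests, dns_ttl):
    """Group by (client, host) and return {flow: (gap_cv, uri_diversity, log10_ttl)}."""
    by_flow = defaultdict(list)
    for t, client, host, uri in requests:
        by_flow[(client, host)].append((t, uri))
    feats = {}
    for (client, host), reqs in by_flow.items():
        if len(reqs) < MIN_REQUESTS:
            continue
        reqs.sort()
        times = [t for t, _ in reqs]
        uris = [u for _, u in reqs]
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean_gap if mean_gap > 0 else 0.0
        diversity = len(set(uris)) / len(uris)
        ttl = math.log10(max(dns_ttl.get(host, 3600), 1))  # unknown host: assume 1 h
        feats[(client, host)] = (cv, diversity, ttl)
    return feats


def robust_z(values):
    """Median/MAD z-scores; fall back to pstdev, then 1.0, when MAD is zero."""
    med = statistics.median(values)
    mad = 1.4826 * statistics.median([abs(v - med) for v in values])
    scale = mad or statistics.pstdev(values) or 1.0
    return [(v - med) / scale for v in values]


def anomaly_scores(feats):
    """Euclidean norm of the per-feature robust z-scores, one score per flow."""
    flows = list(feats)
    z_cols = [robust_z(list(col)) for col in zip(*(feats[f] for f in flows))]
    return {f: math.hypot(*(col[i] for col in z_cols)) for i, f in enumerate(flows)}


def detect(requests, dns_ttl, threshold=3.0):
    """Return (flagged flows, all scores); the threshold is an assumed operating point."""
    scores = anomaly_scores(flow_features(requests, dns_ttl))
    return {f for f, s in scores.items() if s > threshold}, scores


if __name__ == "__main__":
    flagged, scores = detect(HTTP_REQUESTS, DNS_TTL)
    for flow, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{'FLAG' if flow in flagged else '    '} {score:6.2f} {flow[0]} -> {flow[1]}")
```

On this constructed input only the planted 60 s poll scores above the threshold; the browsing flows stay near 1. The video flow is the caveat worth noticing: segment fetches are also fairly regular, so on a single timing feature it would drift toward the beacon. Legitimate periodic clients (updaters, monitoring agents, streaming players) are the main source of false positives for this class of detector, which is why the abstract's "reasonably low false positive rate" is the hard part operationally and why combining independent features, here timing, URI reuse and DNS TTL, matters more than the choice of outlier scorer.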