Detecting Bot Networks Based On HTTP And TLS Traffic Analysis
author
Abstract:
Abstract— Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detecting of infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly engage in forbidden activities, while TLS (Transport Layer Security) protocols allow encrypted communication between client and server in the context of Internet provides. Methods of analyzing traffic behavior do not depend on payloads. This means that they can work with encrypted network communication protocols. Traffic behavior analysis methods do not depend on package shipments, which means they can work with encrypted network communication protocols. Hence, the analysis of TLS and HTTP traffic behavior has been considered for detecting malicious activities. Because of the exchange of information in the network context is very high and the volume of information is very large, storing and indexing of this massive data require a Big data platform.
similar resources
Detecting Active Bot Networks Based on DNS Traffic Analysis
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and redu...
full textHAS-Analyzer: Detecting HTTP-based C&C based on the Analysis of HTTP Activity Sets
We focus on two distinctive features of HTTP-based C&C traffic by analyzing HTTP activity sets. First, C&Cs show a few connections at a time (low-density). Second, contents within a request or a response change frequently among consecutive C&Cs (content-change). Based on these two features, we propose a C&C analysis mechanism that detects unknown HTTP-based C&Cs with low false-positives.
full textDetecting BOT Victim in Client Networks
In this paper we discuss my research in detecting bot victim in client networks. Botnets are collections of Internet hosts (―bots‖) that, through malware infection, have fallen under the control of a single entity (―botmaster‖). Botnets perform network scanning for different reasons: propagation, enumeration, penetration. One common type of scanning, called ―horizontal scanning,‖ systematically...
full textInternet - Draft HTTP Over TLS
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ''work in progress.'' To learn the current status of any Internet-Draft, please check the ''1id-abstracts.txt'' listing contained in the Internet-Drafts Shad...
full textInternet - Draft HTTP Over TLS
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as ''work in progress.'' To learn the current status of any Internet-Draft, please check the ''1id-abstracts.txt'' listing contained in the Internet-Drafts Shad...
full textPitfalls in HTTP Traffic Measurements and Analysis
Being responsible for more than half of the total traffic volume in the Internet, HTTP is a popular subject for traffic analysis. From our experiences with HTTP traffic analysis we identified a number of pitfalls which can render a carefully executed study flawed. Often these pitfalls can be avoided easily. Based on passive traffic measurements of 20.000 European residential broadband customers...
full textMy Resources
Journal title
volume 6 issue 2
pages 58- 67
publication date 2020-05-01
By following a journal you will be notified via email when a new issue of this journal is published.
Hosted on Doprax cloud platform doprax.com
copyright © 2015-2023