Acarali, D.; Rajarajan, M.; Komninos, N.; Herwono, I. (2016)
Publisher: Elsevier
Languages: English
Types: Article
Subjects: QA75

Botnet use is on the rise, with a growing number of botmasters now switching to the HTTP-based C&C infrastructure. This offers them more stealth by allowing them to blend in with benign web traffic. Several works have been carried out aimed at characterising or detecting HTTP-based bots, many of which use network communication features as identifiers of botnet behaviour. In this paper, we present a survey of these approaches and the network features they use in order to highlight how botnet traffic is currently differentiated from normal traffic. We classify papers by traffic types, and provide a breakdown of features by protocol. In doing so, we hope to highlight the relationships between features at the application, transport and network layers.
