Construction P2P firewall HTTP-Botnet defense mechanism

Koo, Tung-Ming; Chang, Hung-Chang; Wei, Guoquan

doi:10.1109/csae.2011.5953166

Cited by 10 publications

(3 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although, the proposed method can detect small-scale botnets, as noted by the authorsbot-masters can employevasion techniques like random delay in similar connections or random packet number that result in generating high false positive and false negative in results. In addition, like [13,16,21,22], normal programs which generates periodic connections (e.g. auto refresh web pages) can be detected as a Bot and increase the number of false positive.…”

Section: Regular Connection From Bot Infected Computers Tomentioning

confidence: 99%

Botnet evolution: Network traffic indicators

Rostami¹,

Eslahi

Shanmugam³

et al. 2014

2014 International Symposium on Biometrics and Security Technologies (ISBAST)

View full text Add to dashboard Cite

In recent years, the HTTP has become dominant protocol among other protocols for the Internet services as it provides a set of rules to manage the data exchange between servers and browsers. On the other hand, this standard protocol has been widely used in the latest generation of botnets to establish their command and control channel and hide their malicious activities among normal Web traffic. Therefore, analyzing HTTP traffic has become a common method in current HTTP-based botnet detection studies. Since the HTTP botnets are a new phenomenon,they have not been fully explored yet. Therefore, in this paper we present an overview of the features and parameters that have been used in existing studies to detect HTTP botnets along with their shortcomings. We also propose a number of HTTP protocol characteristics that can be used for further botnet analysis and detection.

show abstract

Section: Regular Connection From Bot Infected Computers Tomentioning

confidence: 99%

Botnet evolution: Network traffic indicators

Rostami¹,

Eslahi

Shanmugam³

et al. 2014

2014 International Symposium on Biometrics and Security Technologies (ISBAST)

View full text Add to dashboard Cite

show abstract

“…When an IRC bot connects to a specific channel, it stays in the connected state, also known as the PUSH approach (Gu et al, 2008a). • HTTP botnet (Zargar et al, 2013): HTTP botnets use HTTP protocol for C&C communication and to control the bots (Koo et al, 2011). HTTP botnet C&C server works just like a normal web server and the bot works just like a normal web client.…”

Section: Botnet Communicationsmentioning

confidence: 99%

Distributed Denial-of-Service (DDoS) Attacks and Defense Mechanisms in Various Web-Enabled Computing Platforms

Singh

Gupta

2022

International Journal on Semantic Web and Information Systems

View full text Add to dashboard Cite

The demand for Internet security has escalated in the last two decades because the rapid proliferation in the number of Internet users has presented attackers with new detrimental opportunities. One of the simple yet powerful attack, lurking around the Internet today, is the Distributed Denial-of-Service (DDoS) attack. The expeditious surge in the collaborative environments, like IoT, cloud computing and SDN, have provided attackers with countless new avenues to benefit from the distributed nature of DDoS attacks. The attackers protect their anonymity by infecting distributed devices and utilizing them to create a bot army to constitute a large-scale attack. Thus, the development of an effective as well as efficient DDoS defense mechanism becomes an immediate goal. In this exposition, we present a DDoS threat analysis along with a few novel ground-breaking defense mechanisms proposed by various researchers for numerous domains. Further, we talk about popular performance metrics that evaluate the defense schemes. In the end, we list prevalent DDoS attack tools and open challenges.

show abstract

“…The distinct P2P botnets across multiple hidden bots server will be identifying using multivariate statistical measurement in particular time slot. The botnets evolvement as clarified by [2], [8] on application based can be simplified as Table I. So in near future, the combination of HTTP and P2P protocols used botnets known as hybrid P2P botnets may be arise with stronger asymmetric cryptography, stronger encryption and private key usage for communication between bots.…”

Section: Introductionmentioning

confidence: 99%

Multivariate Statistical Analysis on Anomaly P2P Botnets Detection

Abdullah¹,

Faizal²,

Noh³

2017

ijacsa

View full text Add to dashboard Cite

Abstract-Botnets population is rapidly growing and they become a huge threat on the Internet. Botnets has been declared as Advanced Malware (AM) and Advanced Persistent Threat (APT) listed attacks which is able to manipulate advanced technology where the intricacy of threats need for continuous detection and protection. These attacks will be almost exclusive for financial gain. P2P botnets act as bots that use P2P technology to accomplish certain tasks. The evolution of P2P technology had generated P2P botnets to become more resilient and robust than centralized botnets. This poses a big challenge on detection and defences. In order to detect these botnets, a complete flow analysis is necessary. In this paper, we proposed anomaly detection through chi-square multivariate statistical analysis which currently focuses on time duration and time slot. This particular time is considered to identify the existence of botserver. We foiled both of host level and network level to make coordination within a P2P botnets and the malicious behaviour each bot exhibits for making detection decisions. The statistical approach result show a high detection accuracy and low false positive that make it as one of the promising approach to reveal botserver.

show abstract

Construction P2P firewall HTTP-Botnet defense mechanism

Cited by 10 publications

References 3 publications

Botnet evolution: Network traffic indicators

Botnet evolution: Network traffic indicators

Distributed Denial-of-Service (DDoS) Attacks and Defense Mechanisms in Various Web-Enabled Computing Platforms

Multivariate Statistical Analysis on Anomaly P2P Botnets Detection

Contact Info

Product

Resources

About