{"title":"A HTTP botnet detection system based on ranking mechanism","authors":"Yuan-Chin Lee, Chuan-Mu Tseng, Tzong-Jye Liu","doi":"10.1109/ICDIM.2017.8244664","DOIUrl":null,"url":null,"abstract":"Recently, the development of Internet technology makes network users more convenience. However, it also induces many security issues. The attackers usually distribute e-mail attached the malicious programs. After the users download the attached files and execute the malicious programs, the host has been invaded and becomes the bot. At the same time, attackers constantly update botnet to avoid them been detected. Therefore, an efficient botnet detection system is necessary. In this paper, a botnet detection system based on the network behavior ranking mechanism is proposed. The detection system has two parts. For the complete connection flows, the system aggregates flows with similar network features into same cluster. Then the system classifies the flows by the botnet sample in each cluster. After the suspicious flows are collected, the system puts all suspicious flows into bot ranking system to find the bot hosts. Finally, the system will find out the bot hosts satisfied all suspicious behaviors.","PeriodicalId":144953,"journal":{"name":"2017 Twelfth International Conference on Digital Information Management (ICDIM)","volume":"23 15","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 Twelfth International Conference on Digital Information Management (ICDIM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICDIM.2017.8244664","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 2
Abstract
Recently, the development of Internet technology has made things more convenient for network users. However, it has also introduced many security issues. Attackers usually distribute e-mail with malicious programs attached. After users download the attached files and execute the malicious programs, the host is compromised and becomes a bot. At the same time, attackers constantly update botnets to avoid detection. Therefore, an efficient botnet detection system is necessary. In this paper, a botnet detection system based on a network behavior ranking mechanism is proposed. The detection system has two parts. For complete connection flows, the system aggregates flows with similar network features into the same cluster. Then the system classifies the flows using the botnet sample in each cluster. After the suspicious flows are collected, the system puts all suspicious flows into the bot ranking system to find the bot hosts. Finally, the system identifies the bot hosts that satisfy all suspicious behaviors.