Mining Botnet Behaviors on the Large-Scale Web Application Community
Authors: Dan Garant, Wei Lu
Venue: 2013 27th International Conference on Advanced Information Networking and Applications Workshops
Publication date: 2013-03-25
DOI: 10.1109/WAINA.2013.235 (https://doi.org/10.1109/WAINA.2013.235)
Citation count: 14
Botnets are networks of compromised computers controlled under a common command and control channel. Recognized as one of the most serious security threats on current Internet infrastructure, botnets are often hidden in existing applications, e.g. IRC, HTTP, or peer-to-peer, which makes botnet detection a challenging problem. In this paper we propose a new, centralized, fully-encrypted botnet system called Weasel. A set of signatures is examined and formalized to differentiate the behaviors of Weasel and normal web applications. Through these signatures, we apply a set of data mining techniques to detect the web-based botnet behaviors on a web application community formed on a campus backbone network. The proposed approach was evaluated with over 400 thousand flows collected over seven consecutive days on a large-scale network, and results show the proposed approach successfully detects the botnet flows with a high detection rate and an acceptably low false alarm rate.