Detecting HTTP-based botnet based on characteristic of the C&C session using by SVM

Kazumasa Yamauchi; Yoshiaki Hori; Kouichi Sakurai

doi:10.1109/ASIAJCIS.2013.17

Detecting HTTP-based botnet based on characteristic of the C&C session using by SVM

Kazumasa Yamauchi, Yoshiaki Hori, Kouichi Sakurai

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Citations (Scopus)

Abstract

With the spread of computer, the increase of malware is a serious problem. In some malware, damage caused by botnet is a serious problem. Botnets perform the attack by remote control. The purpose of the present work is to suppress the botnet activity by detecting the C&C traffic through well-suited observations. There already exists many detection techniques, most of which focus on IRC-based botnet, and very little focus on HTTP-based botnet, even less, which include comparisons between both detection techniques. In this work, we focus on the HTTP-based botnet, and in order to classify normal HTTP session and C&C session, we make use of Support Vector Machine.

Original language	English
Title of host publication	Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013
Publisher	IEEE Computer Society
Pages	63-68
Number of pages	6
ISBN (Print)	9780769550756
DOIs	https://doi.org/10.1109/ASIAJCIS.2013.17
Publication status	Published - Jan 1 2013
Event	2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013 - Seoul, Korea, Republic of Duration: Jul 25 2013 → Jul 26 2013

Publication series

Name	Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013

Other

Other	2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013
Country/Territory	Korea, Republic of
City	Seoul
Period	7/25/13 → 7/26/13

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Information Systems

Access to Document

10.1109/ASIAJCIS.2013.17

Cite this

Yamauchi, K., Hori, Y., & Sakurai, K. (2013). Detecting HTTP-based botnet based on characteristic of the C&C session using by SVM. In Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013 (pp. 63-68). Article 6621653 (Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013). IEEE Computer Society. https://doi.org/10.1109/ASIAJCIS.2013.17

Detecting HTTP-based botnet based on characteristic of the C&C session using by SVM. / Yamauchi, Kazumasa; Hori, Yoshiaki; Sakurai, Kouichi.
Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013. IEEE Computer Society, 2013. p. 63-68 6621653 (Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yamauchi, K, Hori, Y & Sakurai, K 2013, Detecting HTTP-based botnet based on characteristic of the C&C session using by SVM. in Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013., 6621653, Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013, IEEE Computer Society, pp. 63-68, 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013, Seoul, Korea, Republic of, 7/25/13. https://doi.org/10.1109/ASIAJCIS.2013.17

@inproceedings{ea8302cd83274973815e4708532604d0,

title = "Detecting HTTP-based botnet based on characteristic of the C&C session using by SVM",

abstract = "With the spread of computer, the increase of malware is a serious problem. In some malware, damage caused by botnet is a serious problem. Botnets perform the attack by remote control. The purpose of the present work is to suppress the botnet activity by detecting the C&C traffic through well-suited observations. There already exists many detection techniques, most of which focus on IRC-based botnet, and very little focus on HTTP-based botnet, even less, which include comparisons between both detection techniques. In this work, we focus on the HTTP-based botnet, and in order to classify normal HTTP session and C&C session, we make use of Support Vector Machine.",

author = "Kazumasa Yamauchi and Yoshiaki Hori and Kouichi Sakurai",

year = "2013",

month = jan,

day = "1",

doi = "10.1109/ASIAJCIS.2013.17",

language = "English",

isbn = "9780769550756",

series = "Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013",

publisher = "IEEE Computer Society",

pages = "63--68",

booktitle = "Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013",

address = "United States",

note = "2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013 ; Conference date: 25-07-2013 Through 26-07-2013",

}

TY - GEN

T1 - Detecting HTTP-based botnet based on characteristic of the C&C session using by SVM

AU - Yamauchi, Kazumasa

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2013/1/1

Y1 - 2013/1/1

N2 - With the spread of computer, the increase of malware is a serious problem. In some malware, damage caused by botnet is a serious problem. Botnets perform the attack by remote control. The purpose of the present work is to suppress the botnet activity by detecting the C&C traffic through well-suited observations. There already exists many detection techniques, most of which focus on IRC-based botnet, and very little focus on HTTP-based botnet, even less, which include comparisons between both detection techniques. In this work, we focus on the HTTP-based botnet, and in order to classify normal HTTP session and C&C session, we make use of Support Vector Machine.

AB - With the spread of computer, the increase of malware is a serious problem. In some malware, damage caused by botnet is a serious problem. Botnets perform the attack by remote control. The purpose of the present work is to suppress the botnet activity by detecting the C&C traffic through well-suited observations. There already exists many detection techniques, most of which focus on IRC-based botnet, and very little focus on HTTP-based botnet, even less, which include comparisons between both detection techniques. In this work, we focus on the HTTP-based botnet, and in order to classify normal HTTP session and C&C session, we make use of Support Vector Machine.

UR - http://www.scopus.com/inward/record.url?scp=84889057187&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84889057187&partnerID=8YFLogxK

U2 - 10.1109/ASIAJCIS.2013.17

DO - 10.1109/ASIAJCIS.2013.17

M3 - Conference contribution

AN - SCOPUS:84889057187

SN - 9780769550756

T3 - Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013

SP - 63

EP - 68

BT - Proceedings - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013

PB - IEEE Computer Society

T2 - 2013 8th Asia Joint Conference on Information Security, AsiaJCIS 2013

Y2 - 25 July 2013 through 26 July 2013

ER -

Detecting HTTP-based botnet based on characteristic of the C&C session using by SVM

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this