Detecting Web-Based Botnets Using Bot Communication Traffic Features


This article is free to access.

Abstract

Web-based botnets are popular nowadays. A Web-based botnet is a botnet whose C&C server and bots use the HTTP protocol, the most universal and supported network protocol, to communicate with each other. Because attackers can easily hide botnet communication within the relatively massive volume of HTTP traffic, administrators of network equipment, such as routers and switches, cannot block such suspicious traffic directly regardless of costs. Based on the composition of a Web server's clients and the characteristics of the HTTP responses the server sends to those clients, this paper proposes a traffic inspection solution called Web-based Botnet Detector (WBD). WBD is able to detect suspicious C&C (Command-and-Control) servers of HTTP botnets regardless of whether the botnet commands are encrypted or hidden in normal Web pages. More than 500 GB of real network traces collected from 11 backbone routers are used to evaluate our method. Experimental results show that the false positive rate of WBD is 0.42%.


Citation (APA)

Hsu, F. H., Ou, C. W., Hwang, Y. L., Chang, Y. C., & Lin, P. C. (2017). Detecting Web-Based Botnets Using Bot Communication Traffic Features. Security and Communication Networks, 2017. https://doi.org/10.1155/2017/5960307
