Cai et al., 2012 - Google Patents
Detecting HTTP botnet with clustering network traffic
- Document ID
- 7526583377750924227
- Author
- Cai T
- Zou F
- Publication year
- Publication venue
- 2012 8th international conference on wireless communications, networking and mobile computing
Snippet
Botnets are a great threat to the Internet nowadays. Botnets have now transformed from simple ones based on the IRC protocol into complex ones based on HTTP and P2P protocols. In this paper, we evaluate the key features of HTTP Botnet and design a new …
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
- H04L67/104—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for peer-to-peer [P2P] networking; Functionalities or architectural details of P2P networks
- H04L67/1042—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for peer-to-peer [P2P] networking; Functionalities or architectural details of P2P networks involving topology management mechanisms
- H04L67/1044—Group management mechanisms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
- H04L67/104—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for peer-to-peer [P2P] networking; Functionalities or architectural details of P2P networks
- H04L67/1061—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network for peer-to-peer [P2P] networking; Functionalities or architectural details of P2P networks involving node-based peer discovery mechanisms
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Cai et al. | | Detecting HTTP botnet with clustering network traffic |
Yen et al. | | Beehive: Large-scale log analysis for detecting suspicious activity in enterprise networks |
Mahjabin et al. | | A survey of distributed denial-of-service attack, prevention, and mitigation techniques |
US10721243B2 (en) | | Apparatus, system and method for identifying and mitigating malicious network threats |
Lu et al. | | Clustering botnet communication traffic based on n-gram feature selection |
KR101010302B1 (en) | | Security management system and method of irc and http botnet |
Bagui et al. | | Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset |
Davis et al. | | Data preprocessing for anomaly based network intrusion detection: A review |
Rahbarinia et al. | | Peerrush: Mining for unwanted p2p traffic |
JP2018513592A (en) | | Behavior analysis based DNS tunneling detection and classification framework for network security |
Paulauskas et al. | | Local outlier factor use for the network flow anomaly detection |
Jiang et al. | | Detecting P2P botnets by discovering flow dependency in C&C traffic |
Xu et al. | | Secure the Internet, one home at a time |
Narang et al. | | PeerShark: flow-clustering and conversation-generation for malicious peer-to-peer traffic identification |
Zhang et al. | | Systematic mining of associated server herds for malware campaign discovery |
Xue et al. | | Design and implementation of a malware detection system based on network behavior |
Luxemburk et al. | | Detection of https brute-force attacks with packet-level feature set |
Haddadi et al. | | Botnet behaviour analysis: How would a data analytics‐based system with minimum a priori information perform? |
TW202009767A (en) | | Gateway apparatus, detecting method of malicious domain and hacked host, and non-transitory computer readable medium thereof |
Garg et al. | | Scalable P2P bot detection system based on network data stream |
Hsu et al. | | Detecting Web‐Based Botnets Using Bot Communication Traffic Features |
Xing et al. | | Peertrap: an unstructured P2P botnet detection framework based on SAW community discovery |
Hwa et al. | | Review of peer-to-peer botnets and detection mechanisms |
Han et al. | | A real-time android malware detection system based on network traffic analysis |
Rostami et al. | | Analysis and detection of P2P botnet connections based on node behaviour |