Abstract
Botnets have become a rampant platform for malicious attacks and pose a significant threat to internet security. Recent botnets have begun using common protocols such as HTTP, which makes their communication patterns even harder to distinguish. Most HTTP bot communications are based on TCP connections. In this work, some TCP-related features are identified for the detection of HTTP botnets. With these features, a Multi-Layer Feed-Forward Neural Network training model is created using the Bold Driver Back-propagation learning algorithm. The algorithm has the advantage of dynamically changing the learning rate parameter during the weight update process. Using this approach, the Spyeye and Zeus botnets are efficiently identified. A comparison of the actively trained neural network model with a C4.5 Decision Tree, Random Forest and Radial Basis Function indicated that the actively learned neural network model has better identification accuracy with fewer false positives.
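The learning-rate adaptation the abstract describes can be sketched as follows; this is an added example, not the authors' code. The three flow features, the sample values, the network size and the growth/shrink factors (1.05 and 0.5) are assumptions chosen for illustration, since the abstract does not list them.

```python
import math, random

# Constructed, normalised per-flow TCP features (hypothetical, not the paper's set):
# [SYN ratio, mean packet size, inter-connection regularity]; label 1 = bot-like.
FLOWS = [([0.90, 0.10, 0.95], 1), ([0.80, 0.20, 0.90], 1), ([0.85, 0.15, 0.80], 1),
         ([0.20, 0.70, 0.10], 0), ([0.30, 0.90, 0.20], 0), ([0.10, 0.60, 0.30], 0)]

def sigmoid(z):
    return 0.5 * (1.0 + math.tanh(z / 2.0))   # overflow-safe logistic function

def forward(net, x):
    w1, w2 = net
    h = [sigmoid(sum(w * v for w, v in zip(row, x + [1.0]))) for row in w1]
    return h, sigmoid(sum(w * v for w, v in zip(w2, h + [1.0])))

def sse(net, data):
    return 0.5 * sum((forward(net, x)[1] - y) ** 2 for x, y in data)

def batch_step(net, data, lr):
    """One full-batch back-propagation step; returns new weights, leaves net intact."""
    w1, w2 = net
    g1, g2 = [[0.0] * len(r) for r in w1], [0.0] * len(w2)
    for x, y in data:
        h, o = forward(net, x)
        d_o = (o - y) * o * (1 - o)                  # output-layer delta
        for j, hv in enumerate(h + [1.0]):
            g2[j] += d_o * hv
        for j, hv in enumerate(h):
            d_h = d_o * w2[j] * hv * (1 - hv)        # hidden-layer delta
            for i, xv in enumerate(x + [1.0]):
                g1[j][i] += d_h * xv
    return ([[w - lr * g for w, g in zip(r, gr)] for r, gr in zip(w1, g1)],
            [w - lr * g for w, g in zip(w2, g2)])

def train_bold_driver(data, hidden=3, epochs=300, lr=0.5, up=1.05, down=0.5, seed=7):
    rng = random.Random(seed)
    n_in = len(data[0][0])
    net = ([[rng.uniform(-0.5, 0.5) for _ in range(n_in + 1)] for _ in range(hidden)],
           [rng.uniform(-0.5, 0.5) for _ in range(hidden + 1)])
    history = [sse(net, data)]
    for _ in range(epochs):
        cand = batch_step(net, data, lr)
        cand_err = sse(cand, data)
        if cand_err < history[-1]:    # error fell: keep the step, grow the rate
            net, lr = cand, lr * up
            history.append(cand_err)
        else:                         # error rose: discard the step, cut the rate
            lr *= down
            history.append(history[-1])
    return net, lr, history
```

`forward(net, features)[1]` gives the bot-likelihood score for a flow; because rejected steps are rolled back, the recorded training error never increases from one epoch to the next.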
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kirubavathi Venkatesh, G., Anitha Nadarajan, R. (2012). HTTP Botnet Detection Using Adaptive Learning Rate Multilayer Feed-Forward Neural Network. In: Askoxylakis, I., Pöhls, H.C., Posegga, J. (eds) Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems. WISTP 2012. Lecture Notes in Computer Science, vol 7322. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30955-7_5
DOI: https://doi.org/10.1007/978-3-642-30955-7_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30954-0
Online ISBN: 978-3-642-30955-7
eBook Packages: Computer Science, Computer Science (R0)