论文信息 - Malicious HTTP communication detection based on access graph analysis

Malicious HTTP communication detection based on access graph analysis

HTTP is recognized as the most widely used protocol on the Internet when development of applications is transferred more and more onto the web. Therefore, malicious developers trend to exploit HTTP as a communication media environment to spread forbidden actions. Detection of malicious HTTP communication is a really huge challenging job since the malicious HTTP communication is transparently merged with other type of HTTP traffic. Hence, in this paper, based on previous studies and by analyzing HTTP communication behavior through access graph, a new method is proposed to detect malicious HTTP communication. Experiment results are promising since detection precision constitutes a proportion of 86.96%.

Yasuhiro Nakamura | Manh Cong Tran | Sei Kudo

[1] Stephen D. Bay,et al. Mining distance-based outliers in near linear time with randomization and a simple pruning rule , 2003, KDD '03.

[2] Yasuhiro Nakamura,et al. Classification of HTTP Automated Software Communication Behavior Using a NoSQL Database , 2016 .

[3] Niels Provos,et al. CAMP: Content-Agnostic Malware Protection , 2013, NDSS.

[4] Yasuhiro Nakamura,et al. Classification of HTTP automated software communication behaviour using NoSql database , 2016, 2016 International Conference on Electronics, Information, and Communications (ICEIC).

[5] Anil K. Jain,et al. A modified Hausdorff distance for object matching , 1994, Proceedings of 12th International Conference on Pattern Recognition.

[6] Farnam Jahanian,et al. CloudAV: N-Version Antivirus in the Network Cloud , 2008, USENIX Security Symposium.

[7] José M. F. Moura,et al. An efficient method to detect periodic behavior in botnet traffic by analyzing control plane traffic , 2013, Journal of advanced research.

[8] N. M. Tahir,et al. An efficient false alarm reduction approach in HTTP-based botnet detection , 2013, 2013 IEEE Symposium on Computers & Informatics (ISCI).