Abstract
Application developers tend to use the web as a communication medium to reach users, because the HTTP protocol is allowed in almost any network environment nowadays. Unfortunately, cyber criminals also fully exploit the HTTP protocol to launch a variety of forbidden actions, such as application-level attacks or spreading malware. Consequently, normal and malicious HTTP automated software (auto-ware) traffic are transparently merged with each other. Clustering and identifying HTTP communications is therefore a serious challenge for the early investigation of internal threats. In this paper, an access graph and key features are suggested, based on which HTTP auto-ware communication behavior is recognized. From there, a novel method for clustering and identifying HTTP auto-ware is presented. The experiment shows promising results: not only are malicious communications detected, but grayware traffic is also clustered into groups and identified by purpose.
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Tran, M.C., Nguyen, H.N., Nguyen, M.H., Nakamura, Y. (2017). A Method for Clustering and Identifying HTTP Automated Software Communication. In: Akagi, M., Nguyen, TT., Vu, DT., Phung, TN., Huynh, VN. (eds) Advances in Information and Communication Technology. ICTA 2016. Advances in Intelligent Systems and Computing, vol 538. Springer, Cham. https://doi.org/10.1007/978-3-319-49073-1_8
DOI: https://doi.org/10.1007/978-3-319-49073-1_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49072-4
Online ISBN: 978-3-319-49073-1
eBook Packages: Engineering, Engineering (R0)