
Detecting HTTP Botnet using Artificial Immune System (AIS)

Amit Kumar Tyagi, Sadique Nayeem. Published in Artificial Intelligence

International Journal of Applied Information Systems
Year of Publication 2012
© 2010 by IJAIS Journal
10.5120/ijais12-450385
  1. Amit Kumar Tyagi and Sadique Nayeem. Article: Detecting HTTP Botnet using Artificial Immune System (AIS). International Journal of Applied Information Systems 2(6):34-37, May 2012. BibTeX

    @article{key:article,
    	author = "Amit Kumar Tyagi and Sadique Nayeem",
    	title = "Article: Detecting HTTP Botnet using Artificial Immune System (AIS)",
    	journal = "International Journal of Applied Information Systems",
    	year = 2012,
    	volume = 2,
    	number = 6,
    	pages = "34-37",
    	month = "May",
    	note = "Published by Foundation of Computer Science, New York, USA"
    }
    

Abstract

Today, various malicious programs are "installed" on machines all around the world without the permission of their users, and transform these machines into Bots, i.e., hosts completely under the control of the attackers. A Botnet is a collection of compromised Internet hosts (thousands of Bots) that have been installed with remote control software developed by malicious users to maximize profit by performing illegal activities such as DDoS, spamming, and phishing attacks on online networks. Moreover, various types of Command and Control (C&C) infrastructure based Botnets exist today, e.g., IRC, P2P, and HTTP Botnets. Among these, an HTTP Botnet is a group of Bots that perform similar communication and malicious activity patterns within the same Botnet through GET and POST messages. Generally, the evolution to HTTP began with advances in "exploit kits", e.g., Zeus Botnet, SpyEye Botnet, and Black Energy Botnet, but later, due to protocol changing, communication encryption, intermittent communications, Botnet subgrouping, source concealment, and the firewall-friendliness of the Botnet, the HTTP Botnet has become of most interest to the research community. In this paper, we propose a new general HTTP Botnet detection framework for real-time networks using an Artificial Immune System (AIS). AIS is a new bio-inspired model that is applied to solving various problems in information security; we use this concept in our proposed framework to make it more efficient in detecting HTTP Botnets. Finally, in this paper we use AIS to effectively detect malicious activities such as spam and port scanning in Bot-infected hosts, in order to detect these malicious exploit kits on a computer system. Our experimental evaluations show that our approach can detect HTTP Botnet activities successfully with high efficiency and a low false positive rate.


Keywords

Botnet, Bot, AIS, Spam, Scan, HTTP Bot