Event Details

Holistic Model for HTTP Botnet Detection Based on DNS Traffic Analysis

Presenter: Abdelrahman Alenazi
Supervisor:

Date: Thu, December 7, 2017
Time: 12:30:00 - 00:00:00
Place: Engineering Office Wing Room 430

ABSTRACT

HTTP botnets are currently the most popular form of botnet compared to IRC and P2P botnets. This is because they are not only easier to implement, operate, and maintain, but they can also evade detection more easily. Likewise, HTTP botnet flows can easily be buried in the huge volume of legitimate HTTP traffic occurring in many organizations, which makes detection harder. In our research, we propose a new detection framework involving three detection models that can run independently or in an integrated framework. The first detector profiles individual applications based on their interactions, and isolates the malicious ones accordingly. The second detector tracks the regularity in the timing of the bot's DNS queries, and uses this as the basis for detection. The third detector analyzes the characteristics of the domain names involved in the DNS queries, and identifies algorithmically generated and fast-flux domains, which are common occurrences in typical HTTP botnets. Several machine learning classifiers are investigated for each of the detectors. Experimental evaluation using public datasets and datasets collected in our testbed yields very encouraging performance results.
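As an added illustration of the second and third detectors described in the abstract (example code written for this page, not the research project's own implementation), the following Python sketch scores constructed DNS query records by inter-query timing regularity and by lexical features of the queried domain; the sample records, thresholds and feature choices are assumptions, not values from the paper.

```python
import math
import statistics
from collections import defaultdict

# Constructed sample DNS query log: (timestamp_seconds, client_ip, queried_domain).
# 10.0.0.5 beacons every ~60 s to random-looking names; 10.0.0.7 is ordinary browsing.
SAMPLE_QUERIES = [
    (0.0, "10.0.0.5", "xk3j9q2mvp1zt7.com"),
    (60.1, "10.0.0.5", "q8z2lw0v5hnb3r.com"),
    (119.9, "10.0.0.5", "7fgh2kq9p1xmzt.com"),
    (180.2, "10.0.0.5", "b4n8v1k0qz5jwx.com"),
    (240.0, "10.0.0.5", "m2p9x6rq3t8lzk.com"),
    (3.4, "10.0.0.7", "www.example.com"),
    (47.0, "10.0.0.7", "mail.example.org"),
    (52.2, "10.0.0.7", "cdn.example.net"),
    (310.8, "10.0.0.7", "news.example.com"),
    (955.1, "10.0.0.7", "docs.example.org"),
]

def timing_regularity(timestamps):
    """Coefficient of variation of inter-query gaps; lower means more regular (beacon-like)."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    if len(gaps) < 2:
        return None  # too few queries to judge regularity
    mean = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean if mean > 0 else None

def domain_features(domain):
    """Lexical features of the second-level label (assumes a one-label public suffix)."""
    labels = domain.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    counts = {c: label.count(c) for c in set(label)}
    entropy = -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())
    digit_ratio = sum(c.isdigit() for c in label) / len(label)
    return {"length": len(label), "entropy": round(entropy, 3), "digit_ratio": round(digit_ratio, 3)}

def score_clients(queries, cv_threshold=0.2, entropy_threshold=3.5):
    """Flag a client only when its queries are both regularly timed and DGA-like (assumed rule)."""
    by_client = defaultdict(list)
    for ts, client, domain in queries:
        by_client[client].append((ts, domain))
    verdicts = {}
    for client, rows in by_client.items():
        cv = timing_regularity([ts for ts, _ in rows])
        mean_entropy = statistics.mean(domain_features(d)["entropy"] for _, d in rows)
        regular = cv is not None and cv < cv_threshold
        verdicts[client] = {"interval_cv": cv, "mean_entropy": round(mean_entropy, 3),
                            "suspicious": regular and mean_entropy > entropy_threshold}
    return verdicts
```

In a real deployment the two feature groups would feed the classifiers the abstract mentions rather than fixed thresholds, and the suffix handling would use a public-suffix list.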


In this seminar, we will demonstrate some of the recent ways attackers evade detection by hiding their malicious behaviour in DNS traffic, and discuss possibilities for detecting such stealthy behaviour.