參考文獻 |
[1] Apostolis Zarras,Papadogiannakis, Antonis , Gawlik, Robert and Holz, Thorsten., “Automated generation of models for fast and precise detection of http-based malware,” in Proc. of the 12th Annual International Conference on Privacy, Security and Trust, PST, pp. 249–256, 2014.
[2] Alomari, Esraa, Manickam, Selvakumar, Gupta, B.B., Singh, Parminder and Anbar, Mohammed. Design, deployment and use of HTTP-based botnet (HBB) testbed. In: 16th International Conference on Advanced Communication Technology. IEEE, 2014. p. 1265-1269.
[3] Cai, Tao; Zou, Futai. Detecting HTTP botnet with clustering network traffic. In:Wireless Communications, Networking and Mobile Computing (WiCOM), 2012 8th International Conference on. IEEE, 2012. p. 1-7.
[4] Chiba, Daiki, Yagi, Takeshi, Akiyama, Mitsuaki, Aoki, Kazufumi, Hariu Takeo and Goto, Shigeki. BotProfiler: Profiling Variability of Substrings in HTTP Requests to Detect Malware-Infected Hosts. In: Trustcom/BigDataSE/ISPA, 2015 IEEE., p. 758-765.
[5] Eslahi, Meisam, Hashim H and Tahir NM. An efficient false alarm reduction approach in HTTP-based botnet detection. In: Computers & Informatics (ISCI), 2013 IEEE Symposium on. IEEE, 2013. p. 201-205.
[6] Gao, Cuixia; LI, Zhitang. Discovering host anomalies in multi-source information. In: 2009 International Conference on Multimedia Information Networking and Security. IEEE, 2009. p. 358-361.
[7] Grill, Martin; Rehak, Martin. Malware detection using HTTP user-agent discrepancy identification. In: 2014 IEEE International Workshop on Information Forensics and Security (WIFS). IEEE, 2014. p. 221-226.
[8] Hiruta S., Yamaguchi Y., Shimada H and Takakura H. Evaluation on Malware Classification by Combining Traffic Analysis and Fuzzy Hashing of Malware Binary. In: Proceedings of the International Conference on Security and Management (SAM). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp), 2015. p. 89.
[9] Huang, Shin-Ying, Yu, Fang, Tsaih, Rua-Huan and Huang, Yennun. Network-traffic anomaly detection with incremental majority learning. In: 2015 International Joint Conference on Neural Networks (IJCNN). IEEE, 2015. p. 1-8.
[10] Kheir, Nizar. Behavioral classification and detection of malware through http user agent anomalies. Journal of Information Security and Applications, 2013, 18.1: 2-13.
[11] Ma, Justin, Saul Lawrence, Savage, Stefan and Voelker, Geoffrey M. Beyond blacklists: learning to detect malicious web sites from suspicious URLs. In: Proceedings of the 15th ACM SIGKDD international conference on Knowledge discovery and data mining. ACM, 2009. p. 1245-1254.
[12] Marchal, Samuel, Jérôme François, Radu State and Thomas Engel. PhishStorm: Detecting Phishing With Streaming Analytics. Network and Service Management, IEEE Transactions on, 2014, 11.4: 458-471.
[13] Nataliani, Yessica and Wellem, Theophilus. HTTP Traffic Graph Clustering using Markov Clustering Algorithm. International Journal of Computer Applications, 2014, 90.2
[14] Nelms, Terry; Perdisci, Roberto; AHAMAD, Mustaque. ExecScent: Mining for new C&C domains in live networks with adaptive control protocol templates. In: Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13). 2013. p. 589-604.
[15] Perdisci, Roberto; LEE, Wenke; FEAMSTER, Nick. Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces. In: NSDI. 2010. p. 391-404.
[16] Tran, Manh Cong; NAKAMURA, Yasuhiro. Web Access Behaviour Model for Filtering Out HTTP Automated Software Accessed Domain. In: Proceedings of the 10th International Conference on Ubiquitous Information Management and Communication. ACM, 2016. p. 67.
[17] Qin Tao, Guan, Xiaohong, Wang, Chenxu and Liu Zhaoli. MUCM: multilevel user cluster mining based on behavior profiles for network monitoring. IEEE Systems Journal, 2015, 9.4: 1322-1333.
[18] Xu, Kuai; Wang, Feng; Gu, Lin. Behavior analysis of internet traffic via bipartite graphs and one-mode projections. Networking, IEEE/ACM Transactions on, 2014, 22.3: 931-942.
[19] Yamauchi, Kazumasa; HORI, Yoshiaki; SAKURAI, Kouichi. Detecting HTTP-Based Botnet Based on Characteristic of the C & C Session Using by SVM. In:Information Security (Asia JCIS), 2013 Eighth Asia Joint Conference on. IEEE, 2013. p. 63-68.
[20] Zhao, Guodong, Xu Ke, Xu Lei and Wu, Bo. Detecting APT Malware Infections Based on Malicious DNS and Traffic Analysis. IEEE Access, 2015, 3: 1132-1142.
[21] Tobias Lewis et al.(2013) HTTP header heuristics for malware detection. Available from : https://www.sans.org/reading-room/whitepapers/detection/http-header-heuristics-malware-detection-34460
[22] Roland Zegers et al.(2015). HTTP Header Analysis. Available from : http://www.delaat.net/rp/2014-2015/p91/report.pdf
[23] LibSVM software . Available from : http://www.csie.ntu.edu.tw/~cjlin/libsvm
[24] Parkour, M. (2013). Collection of Pcap files from malware analysis. Available from http://contagiodump.blogspot.co.uk/2013/04/collection-of-pcap-files-frommalware.html
[25] McAfee Labs. (2013) Periodic connections to control server offer new way to detect botnets. Available : http://blogs.mcafee.com/mcafee-labs/periodic-links-to-controlserver-offer-new-way-to-detect-botnets
[26] RFC2616: TCP Protocol Available: https://tools.ietf.org/html/rfc2616
[27] TrendLabs2015年資訊安全總評” Available : http://www.trendmicro.tw/cloud-content/tw/pdfs/security-intelligence/reports/rpt-setting-the-stage.pdf
[28] Weka software. Available from : http://www.cs.waikato.ac.nz/ml/weka/
[29] Scikitlearn. Available from: http://scikit-learn.org
[30] 趨勢科技研究報告: 鎖定目標攻擊所使用的後門程式技。Available from http://blog.trendmicro.com.tw/wp-content/uploads/2014/10/wp-backdoor-use-in-targeted-attacks.pdf |