Nowadays, botnets use malware to infect computers all around the world and turn them into bots. By controlling a large number of bots, an attacker can do whatever they want. Most botnets receive and send messages through HTTP or P2P channels. Whichever kind of botnet it is, both the sophistication and the number of botnets have kept rising in recent years.
In this paper, our goal is to identify the connections between bots and their C&C server over HTTP. We analyze the behavior and the signature of the traffic that one computer exchanges with one server over HTTP, and detect the malicious connections.
In this study, we analyze the traffic in the following steps. First, we use DBSCAN to analyze the behavior of the traffic and partition it into 4 classes. Next, we use Ant Colony Optimization to decide whether a connection is suspicious or not. Last, we analyze the signature of the HTTP headers in the traffic. With this approach we can detect botnets using less information and at a faster speed, and obtain a higher detection rate by analyzing behavior and signature at the same time.
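To make the behavior-plus-signature idea concrete, the following added example (not the paper's code) screens per-(client, server) HTTP connection records in two passes: a minimal DBSCAN over behavior features, followed by an HTTP header signature check. The paper does not specify its features, thresholds or header rules, so everything here is an assumption: the behavior features are the coefficient of variation of inter-request gaps and of request sizes (near zero for machine-like beaconing), the signature check looks for headers that ordinary browsers send, and the Ant Colony Optimization step is not reproduced. The sample log is constructed.

```python
"""Added example (not the paper's code): screen per-(client, server) HTTP
traffic by behaviour (DBSCAN over timing/size regularity) and then by HTTP
header signature.  Features, thresholds, header heuristics and the sample
log are assumptions constructed for this illustration."""
import math
from collections import defaultdict

BOT_HDR = {"Host": "203.0.113.7", "User-Agent": "Mozilla/4.0"}      # constructed
BROWSER_HDR = {"Host": "198.51.100.2", "User-Agent": "Mozilla/5.0",
               "Accept": "text/html", "Accept-Language": "en-US"}   # constructed


def _requests(client, server, gaps, sizes, headers, start=1_700_000_000):
    """Expand inter-request gaps into (ts, client, server, bytes, headers) rows."""
    rows, t = [], start
    for gap, size in zip(gaps, sizes):
        t += gap
        rows.append((t, client, server, size, headers))
    return rows


# Constructed sample log: three beaconing hosts, one regular-but-legitimate
# updater, three browsing users and one unidentified script.
SAMPLE_LOG = (
    _requests("10.0.0.5", "203.0.113.7", [60, 61, 59, 60, 60, 61], [312] * 6, BOT_HDR)
    + _requests("10.0.0.6", "203.0.113.7", [60, 60, 60, 62, 58, 60], [312] * 6, BOT_HDR)
    + _requests("10.0.0.7", "203.0.113.7", [59, 60, 61, 60, 59, 61], [312] * 6, BOT_HDR)
    + _requests("10.0.0.20", "192.0.2.10", [300] * 6, [540] * 6,
                dict(BROWSER_HDR, Host="192.0.2.10"))
    + _requests("10.0.0.30", "198.51.100.2", [3, 17, 2, 45, 8, 120],
                [410, 1200, 380, 2300, 615, 950], BROWSER_HDR)
    + _requests("10.0.0.31", "198.51.100.2", [9, 2, 70, 4, 33, 15],
                [520, 3100, 290, 770, 1850, 640], BROWSER_HDR)
    + _requests("10.0.0.32", "198.51.100.2", [25, 4, 4, 90, 12, 6],
                [980, 450, 2700, 310, 1500, 820], BROWSER_HDR)
    + _requests("10.0.0.40", "198.51.100.9", [5, 40, 2, 90, 11],
                [200, 800, 150, 3000, 420],
                {"Host": "198.51.100.9", "User-Agent": "custom-script/1.0"})
)


def _cv(values):
    """Coefficient of variation (std / mean); 0 for fewer than two values."""
    if len(values) < 2:
        return 0.0
    mean = sum(values) / len(values)
    if mean == 0:
        return 0.0
    var = sum((v - mean) ** 2 for v in values) / len(values)
    return math.sqrt(var) / mean


def behaviour_features(log):
    """Per (client, server) pair: (cv of inter-request gaps, cv of request sizes)."""
    by_pair = defaultdict(list)
    for ts, client, server, size, _headers in log:
        by_pair[(client, server)].append((ts, size))
    feats = {}
    for pair, reqs in by_pair.items():
        reqs.sort()
        gaps = [b[0] - a[0] for a, b in zip(reqs, reqs[1:])]
        feats[pair] = (_cv(gaps), _cv([r[1] for r in reqs]))
    return feats


def dbscan(points, eps, min_samples):
    """Minimal DBSCAN over a dict name -> feature tuple. Returns name -> label,
    with -1 for noise (points not reachable from any dense core point)."""
    names = list(points)

    def neighbours(i):  # includes the point itself, as in the usual definition
        return [j for j in range(len(names))
                if math.dist(points[names[i]], points[names[j]]) <= eps]

    labels = {n: None for n in names}
    cluster = 0
    for i, name in enumerate(names):
        if labels[name] is not None:
            continue
        nb = neighbours(i)
        if len(nb) < min_samples:
            labels[name] = -1
            continue
        labels[name] = cluster
        queue = [j for j in nb if j != i]
        while queue:
            j = queue.pop()
            if labels[names[j]] == -1:
                labels[names[j]] = cluster      # border point reached from a core
            if labels[names[j]] is not None:
                continue
            labels[names[j]] = cluster
            nb_j = neighbours(j)
            if len(nb_j) >= min_samples:        # j is itself a core point: expand
                queue.extend(nb_j)
        cluster += 1
    return labels


BROWSER_HEADERS = ("Accept", "Accept-Language")  # assumption: browsers send these


def header_anomalies(headers):
    """Signature check (assumed heuristics): empty User-Agent or missing headers."""
    issues = [] if headers.get("User-Agent") else ["missing User-Agent"]
    issues += [f"missing {h}" for h in BROWSER_HEADERS if h not in headers]
    return issues


def screen(log, eps=0.25, min_samples=3, regular_cv=0.2):
    """'suspicious' = machine-like regular cluster AND anomalous headers;
    'review' = only one of the two views fires; 'benign' = neither."""
    feats = behaviour_features(log)
    labels = dbscan(feats, eps, min_samples)
    members = defaultdict(list)
    for pair, lab in labels.items():
        if lab != -1:
            members[lab].append(feats[pair])
    regular = {lab: all(sum(p[k] for p in pts) / len(pts) < regular_cv for k in (0, 1))
               for lab, pts in members.items()}
    first_headers = {}
    for _ts, client, server, _size, headers in log:
        first_headers.setdefault((client, server), headers)
    report = {}
    for pair, lab in labels.items():
        issues = header_anomalies(first_headers[pair])
        machine_like = lab != -1 and regular[lab]
        verdict = ("suspicious" if machine_like and issues
                   else "review" if machine_like or issues else "benign")
        report[pair] = (lab, issues, verdict)
    return report


if __name__ == "__main__":
    for pair, (lab, issues, verdict) in screen(SAMPLE_LOG).items():
        print(f"{pair[0]:>10} -> {pair[1]:<13} cluster={lab:>2} {verdict:<10} {issues}")
```

Running the script prints one line per (client, server) pair. The three beaconing hosts land in the same low-variance cluster and also lack the headers a browser would send, so they are marked suspicious; the updater shares that cluster but has a clean signature, and the script host has an odd signature but irregular timing, so both only get a review mark. That is the point of combining the two views: neither regularity nor an unusual header alone is enough.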