{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T14:43:37Z","timestamp":1740149017339,"version":"3.37.3"},"reference-count":11,"publisher":"Wiley","license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100004663","name":"Ministry of Science and Technology, Taiwan","doi-asserted-by":"publisher","award":["105-2221-E-008-074-MY3","106-3114-E-002-005"],"award-info":[{"award-number":["105-2221-E-008-074-MY3","106-3114-E-002-005"]}],"id":[{"id":"10.13039\/501100004663","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004663","name":"Ministry of Science and Technology, Taiwan","doi-asserted-by":"publisher","award":["105-2221-E-008-074-MY3","106-3114-E-002-005"],"award-info":[{"award-number":["105-2221-E-008-074-MY3","106-3114-E-002-005"]}],"id":[{"id":"10.13039\/501100004663","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2017]]},"abstract":"<jats:p>Web-based botnets are popular nowadays. A Web-based botnet is a botnet whose C&amp;C server and bots use HTTP protocol, the most universal and supported network protocol, to communicate with each other. Because the botnet communication can be hidden easily by attackers behind the relatively massive HTTP traffic, administrators of network equipment, such as routers and switches, cannot block such suspicious traffic directly regardless of costs. Based on the clients constituent of a Web server and characteristics of HTTP responses sent to clients from the server, this paper proposes a traffic inspection solution, called Web-based Botnet Detector (WBD). WBD is able to detect suspicious C&amp;C (Command-and-Control) servers of HTTP botnets regardless of whether the botnet commands are encrypted or hidden in normal Web pages. More than 500\u2009GB real network traces collected from 11 backbone routers are used to evaluate our method. Experimental results show that the false positive rate of WBD is 0.42%.<\/jats:p>","DOI":"10.1155\/2017\/5960307","type":"journal-article","created":{"date-parts":[[2017,12,3]],"date-time":"2017-12-03T18:31:28Z","timestamp":1512325888000},"page":"1-11","source":"Crossref","is-referenced-by-count":8,"title":["Detecting Web-Based Botnets Using Bot Communication Traffic Features"],"prefix":"10.1155","volume":"2017","author":[{"given":"Fu-Hau","family":"Hsu","sequence":"first","affiliation":[{"name":"Department of Computer Science and Information Engineering, National Central University, Taoyuan, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8310-5283","authenticated-orcid":true,"given":"Chih-Wen","family":"Ou","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Information Engineering, National Central University, Taoyuan, Taiwan"}]},{"given":"Yan-Ling","family":"Hwang","sequence":"additional","affiliation":[{"name":"School of Applied Foreign Languages, Chung Shan Medical University, Taichung, Taiwan"}]},{"given":"Ya-Ching","family":"Chang","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Information Engineering, National Central University, Taoyuan, Taiwan"}]},{"given":"Po-Ching","family":"Lin","sequence":"additional","affiliation":[{"name":"Department of Computer Science and Information Engineering, National Chung Cheng University, Chiayi, Taiwan"}]}],"member":"311","reference":[{"key":"27","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2012.06.021"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13708-2_30"},{"key":"23","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30955-7_5"},{"key":"35","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.04.007"},{"key":"19","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2014.2358814"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2011.05.026"},{"key":"34","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2013.2290197"},{"key":"22","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.091213.00134"},{"key":"29","doi-asserted-by":"publisher","DOI":"10.1007\/s11042-016-3555-3"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1145\/2818717"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2017.62"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2017\/5960307.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2017\/5960307.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2017\/5960307.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,12,3]],"date-time":"2017-12-03T18:31:34Z","timestamp":1512325894000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2017\/5960307\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"references-count":11,"alternative-id":["5960307","5960307"],"URL":"https:\/\/doi.org\/10.1155\/2017\/5960307","relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"type":"print","value":"1939-0114"},{"type":"electronic","value":"1939-0122"}],"subject":[],"published":{"date-parts":[[2017]]}}}