Abstract

Application developers increasingly use the web as a communication medium to reach users, because the HTTP protocol is allowed in almost every network environment today. Unfortunately, cyber criminals also fully exploit HTTP to launch a variety of forbidden actions, such as application-level attacks or spreading malware. Consequently, normal and malicious traffic from HTTP automated software (auto-ware) is transparently merged together. Clustering and identifying HTTP communications has therefore become a serious challenge for the early investigation of internal threats. In this paper, an access graph and key features are proposed, based on which HTTP auto-ware communication behavior is recognized. From there, a novel method for clustering and identifying HTTP auto-ware is presented. Experiments show promising results: not only are malicious communications detected, but grayware traffic is also clustered into groups and identified by purpose.
