Web-based botnets are popular nowadays. A Web-based botnet is a botnet whose C&C (Command-and-Control) server and bots communicate with each other over HTTP, the most universal and widely supported network protocol. Because attackers can easily hide botnet communication within the relatively massive volume of legitimate HTTP traffic, administrators of network equipment, such as routers and switches, cannot block such suspicious traffic outright, whatever the cost. Based on the composition of a Web server's clients and the characteristics of the HTTP responses the server sends to those clients, this paper proposes a traffic inspection solution called Web-based Botnet Detector (WBD). WBD is able to detect suspicious C&C servers of HTTP botnets regardless of whether the botnet commands are encrypted or hidden in normal Web pages. More than 500 GB of real network traces collected from 11 backbone routers are used to evaluate our method. Experimental results show that the false positive rate of WBD is 0.42%.
Distributed denial of service (DDoS) attacks have become more and more frequent nowadays. In 2013, a massive DDoS attack was launched against Spamhaus, causing the service to shut down. In this paper, we present a three-way handshaking server for Transmission Control Protocol (TCP) connection redirection that utilizes TCP header options. When a legitimate client attempts to connect to a server undergoing a SYN-flood DDoS attack, it will try to initiate a three-way handshake. After the client has successfully established a connection, the server replies with a reset (RST) packet in which a new server address and a secret are embedded. The client can thus use the supplied secret to connect to the new server, which only accepts SYN packets carrying the correct secret.
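The redirect exchange described above, as an added example that is not the paper's own code: the RST carries a TCP option holding the new server's IPv4 address and a secret, the client echoes that option in its SYN to the new server, and the new server admits the SYN only if the secret verifies. The option kind (253, an experimental kind from RFC 4727), the TLV layout, and the HMAC-based derivation of a per-client secret are assumptions for illustration, since the abstract does not specify them.

```python
import hashlib
import hmac
import ipaddress
import struct

# Experimental TCP option kind (RFC 4727); assumed here for illustration only.
REDIRECT_OPTION_KIND = 253
SECRET_LEN = 8

def derive_secret(server_key: bytes, client_ip: str, new_server_ip: str) -> bytes:
    """Secret bound to this client and redirect target, so the new server can verify it statelessly (assumed scheme)."""
    msg = ipaddress.ip_address(client_ip).packed + ipaddress.ip_address(new_server_ip).packed
    return hmac.new(server_key, msg, hashlib.sha256).digest()[:SECRET_LEN]

def build_redirect_option(new_server_ip: str, secret: bytes) -> bytes:
    """TLV option: kind, total length, IPv4 address (4 bytes), secret (8 bytes)."""
    value = ipaddress.IPv4Address(new_server_ip).packed + secret
    return struct.pack("!BB", REDIRECT_OPTION_KIND, 2 + len(value)) + value

def parse_tcp_options(options: bytes) -> dict:
    """Walk a TCP options field: EOL (0) ends it, NOP (1) is a single byte, the rest are TLVs."""
    parsed, i = {}, 0
    while i < len(options):
        kind = options[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2 or i + options[i + 1] > len(options):
            raise ValueError("malformed TCP option at offset %d" % i)
        parsed[kind] = options[i + 2:i + options[i + 1]]
        i += options[i + 1]
    return parsed

def client_handle_rst(rst_options: bytes):
    """Client side: pull the new server address and secret out of the RST's options."""
    value = parse_tcp_options(rst_options).get(REDIRECT_OPTION_KIND)
    if value is None or len(value) != 4 + SECRET_LEN:
        return None
    return str(ipaddress.IPv4Address(value[:4])), value[4:]

def new_server_accept_syn(server_key: bytes, client_ip: str, new_server_ip: str, syn_options: bytes) -> bool:
    """New server: admit the SYN only if it echoes the secret derived for this client; a SYN without it is dropped."""
    value = parse_tcp_options(syn_options).get(REDIRECT_OPTION_KIND)
    if value is None or len(value) != 4 + SECRET_LEN:
        return False
    expected = derive_secret(server_key, client_ip, new_server_ip)
    return hmac.compare_digest(value[4:], expected)
```

Because the secret is bound to the client address, an option captured from one client's RST does not admit a SYN from a different source address.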
Email spam has been a critical problem for the Internet for a long time. In 2012, spam made up 72.1% of all email traffic in the world on average. The greatest threat to email service providers was spam sent from botnets, which accounted for more than 78% of spam in 2011; consequently, many anti-spam solutions and techniques appeared that focused on botnets. Owing to these anti-spam techniques, botnet spam is no longer as effective as before, and spammers are finding new ways to send spam. One effective method is using compromised accounts (or bot accounts), because compromised accounts have IP addresses with good reputation and send spam through fully implemented SMTP servers, such as Gmail, Yahoo! Mail, and Microsoft Live Mail. Spam sent from compromised accounts is very difficult for any anti-spam technique to detect. Hence, we focus on features that spammers cannot easily hide. According to our research, normal users usually do not reply to spam. Moreover, our empirical analysis reveals that compromised accounts actually have a low reply rate. We develop a system called "Hawkeye" that can find compromised accounts effectively by checking an account's reply rate.
Due to the trend that mobile devices are becoming more and more popular, smartphone security has become an important issue nowadays. This paper proposes an Android-based botnet, called JokerBot, to show the possible security problems in mobile devices, and describes the JokerBot framework. JokerBot designs its own communication mechanism to allow different bots to communicate with each other. An attacker can use JokerBot to trigger many kinds of potential attacks, such as monitoring SMS messages and disclosing the device's location. Moreover, after a bot has been created on a compromised smartphone, it is difficult to locate the botmaster or to detect whether the smartphone is infected. Finally, this paper proposes some defense mechanisms to protect a smartphone against JokerBot attacks.