A Technique for the Botnet Detection Based on DNS-Traffic Analysis

Cited by: 0
Authors
Pomorova, Oksana [1]
Savenko, Oleg [1]
Lysenko, Sergii [1]
Kryshchuk, Andrii [1]
Bobrovnikova, Kira [1]
Affiliations
[1] Khmelnitsky Natl Univ, Dept Syst Programming, Khmelnitsky, Ukraine
Source
COMPUTER NETWORKS, CN 2015 | 2015 / Vol. 522
Keywords
Botnet; Bot; DNS-traffic; DNS-query; Group activity;
DOI
10.1007/978-3-319-19419-6_12
Chinese Library Classification number
TP [Automation Technology, Computer Technology];
Discipline classification code
0812;
Abstract
A technique for botnet detection based on DNS traffic is developed. Detection relies on the group activity of bots in DNS traffic, which appears within a short period of time as group DNS queries from hosts that are trying to access the C&C servers, migrating, running commands, or downloading updates of the malware. The method takes into account abnormal behaviors of a group of hosts that resemble botnet behavior: the group does not honor DNS TTL and sends DNS queries to non-local DNS servers. The method also monitors for a large number of empty DNS responses with the NXDOMAIN error code. The proposed technique is able to detect botnets with high efficiency.
Pages: 127 - 138
Number of pages: 12
Related papers
50 in total
  • [1] A Review of Botnet Detection Approaches Based on DNS Traffic Analysis
    Al-Mashhadi, Saif
    Anbar, Mohammed
    Karuppayah, Shankar
    Al-Ani, Ahmed K.
    INTELLIGENT AND INTERACTIVE COMPUTING, 2019, 67 : 305 - 321
  • [2] Holistic Model for HTTP Botnet Detection Based on DNS Traffic Analysis
    Alenazi, Abdelraman
    Traore, Issa
    Ganame, Karim
    Woungang, Isaac
    INTELLIGENT, SECURE, AND DEPENDABLE SYSTEMS IN DISTRIBUTED AND CLOUD ENVIRONMENTS (ISDDC 2017), 2017, 10618 : 1 - 18
  • [3] BotCVD: Visual analysis of DNS traffic for botnet detection
    Jiang, H. (hellojhl@163.com), 1600, Advanced Institute of Convergence Information Technology (04):
  • [4] Technique for IoT Cyberattacks Detection Based on DNS Traffic Analysis
    Bobrovnikova, Kira
    Lysenko, Sergii
    Gaj, Piotr
    Martynyuk, Valeriy
    Denysiuk, Dmytro
    PROCEEDINGS OF THE 1ST INTERNATIONAL WORKSHOP ON INTELLIGENT INFORMATION TECHNOLOGIES & SYSTEMS OF INFORMATION SECURITY (INTELITSIS 2020), VOL 1, 2020, 2623 : 208 - 218
  • [5] Botnet detection by monitoring group activities in DNS traffic
    Choi, Hyunsang
    Lee, Hanwoo
    Lee, Heejo
    Kim, Hyogon
    2007 CIT: 7TH IEEE INTERNATIONAL CONFERENCE ON COMPUTER AND INFORMATION TECHNOLOGY, PROCEEDINGS, 2007, : 715 - 720
  • [6] BotMAD: Botnet Malicious Activity Detector Based on DNS Traffic Analysis
    Sharma, Pooja
    Kumar, Sanjeev
    Sharma, Neeraj
    PROCEEDINGS ON 2016 2ND INTERNATIONAL CONFERENCE ON NEXT GENERATION COMPUTING TECHNOLOGIES (NGCT), 2016, : 824 - 830
  • [7] A survey of botnet detection based on DNS
    Kamal Alieyan
    Ammar ALmomani
    Ahmad Manasrah
    Mohammed M. Kadhum
    Neural Computing and Applications, 2017, 28 : 1541 - 1558
  • [8] A survey of botnet detection based on DNS
    Alieyan, Kamal
    ALmomani, Ammar
    Manasrah, Ahmad
    Kadhum, Mohammed M.
    NEURAL COMPUTING & APPLICATIONS, 2017, 28 (07): : 1541 - 1558
  • [9] Botnet Detection Technology Based on DNS
    Li, Xingguo
    Wang, Junfeng
    Zhang, Xiaosong
    FUTURE INTERNET, 2017, 9 (04)
  • [10] Detecting DGA-Based Botnet with DNS Traffic Analysis in Monitored Network
    Dinh-Tu Truong
    Cheng, Guang
    Jakalan, Ahmad
    Guo, Xiaojun
    Zhou, Aiping
    JOURNAL OF INTERNET TECHNOLOGY, 2016, 17 (02): : 217 - 230