Proceedings ArticleDOI

Botnet Detection by Monitoring Group Activities in DNS Traffic

TL;DR: This paper proposes a botnet detection mechanism that monitors DNS traffic for the group activity formed when distributed bots send DNS queries simultaneously; because it is anomaly-based rather than tied to a particular bot program's DNS behaviour, it is more robust than the previous approaches.
Abstract
Recent malicious attempts are intended to obtain financial benefits through a large pool of compromised hosts, which are called software robots or simply "bots." A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mail, stealing personal information, and launching DDoS attacks. The growing popularity of botnets compels the search for proper countermeasures, but existing defense mechanisms hardly keep up with the speed of botnet technologies. In this paper, we propose a botnet detection mechanism that monitors DNS traffic to detect botnets, which form a group activity in the DNS queries simultaneously sent by distributed bots. A few works have been proposed that rely on particular DNS information generated by a botnet, but they are easily evaded by changing the bot programs. Our anomaly-based botnet detection mechanism is more robust than the previous approaches, so that variants of bots can be detected by looking at their group activities in DNS traffic. Experiments on a campus network show that the proposed mechanism can detect botnets effectively while bots are connecting to their server or migrating to another server.


Citations
Proceedings ArticleDOI

Beehive: large-scale log analysis for detecting suspicious activity in enterprise networks

TL;DR: Beehive is a novel system that attacks the problem of automatically mining and extracting knowledge from the dirty log data produced by a wide variety of security products in a large enterprise, and is able to identify malicious events and policy violations that would otherwise go undetected.
Patent

Machine learning based botnet detection using real-time extracted traffic features

TL;DR: This patent describes a method for identifying a botnet in a network: analyzing historical network data using a pre-determined heuristic to determine values of a feature in the historical data, obtaining a ground truth data set having labels assigned to data units, identifying known malicious nodes in the network, and categorizing a data unit as associated with the botnet based on its label.
Journal ArticleDOI

Detecting and Preventing Cyber Insider Threats: A Survey

TL;DR: This survey takes into account the early stage threats which may lead to a malicious insider rising up and reviews the countermeasures from a data analytics perspective.
Patent

Distributed malware detection

TL;DR: This patent describes a computer-implemented method that includes accessing, using one or more processing units, a first file of a plurality of files requested to be analyzed for malware, and generating an output comprising an indication of whether the first file comprises malware.
Proceedings ArticleDOI

A Survey of Botnet Technology and Defenses

TL;DR: This survey paper provides a brief look at how existing botnet research, the evolution and future of botnets, as well as the goals and visibility of today’s networks intersect to inform the field of botnet technology and defense.
References
Proceedings ArticleDOI

A multifaceted approach to understanding the botnet phenomenon

TL;DR: This paper attempts to clear the fog surrounding botnets by constructing a multifaceted and distributed measurement infrastructure, which shows that botnets represent a major contributor to unwanted Internet traffic and provides deep insights that may facilitate further research to curtail this phenomenon.
Proceedings Article

The Zombie roundup: understanding, detecting, and disrupting botnets

TL;DR: This paper outlines the origins and structure of bots and botnets, and uses data from the operator community, the Internet Motion Sensor project, and a honeypot experiment to illustrate the botnet problem today. It also describes a system to detect botnets that utilize advanced command and control systems by correlating secondary detection data from multiple sources.

Dynamic Updates in the Domain Name System (DNS UPDATE)

TL;DR: The Domain Name System was originally designed to support queries of a statically configured database; the frequency of changes was expected to be fairly low, and all updates were made as external edits to a zone's Master File.
Proceedings Article

Modeling Botnet Propagation Using Time Zones.

TL;DR: A diurnal propagation model is created that uses diurnal shaping functions to capture regional variations in online vulnerable populations and lets one compare propagation rates for different botnets, and prioritize response.
Book ChapterDOI

An Inside Look at Botnets

TL;DR: A significant change in motivation for malicious activity has taken place over the past several years: from vandalism and recognition in the hacker community, to attacks and intrusions for financial gain, thereby escalating the network security arms race.