Proceedings ArticleDOI
Botnet Detection by Monitoring Group Activities in DNS Traffic
Hyunsang Choi,Hanwoo Lee,Heejo Lee,Hyogon Kim +3 more
- pp 715-720
TLDR
This paper proposes a botnet detection mechanism by monitoring DNS traffic to detect botnets, which form a group activity in DNS queries simultaneously sent by distributed bots, which is more robust than the previous approaches.Abstract:
Recent malicious attempts are intended to get financial benefits through a large pool of compromised hosts, which are called software robots or simply "bots." A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mails, stealing personal information, and launching DDoS attacks. Growing popularity of botnets compels to find proper countermeasures but existing defense mechanisms hardly catch up with the speed of botnet technologies. In this paper, we propose a botnet detection mechanism by monitoring DNS traffic to detect botnets, which form a group activity in DNS queries simultaneously sent by distributed bots. A few works have been proposed based on particular DNS information generated by a botnet, but they are easily evaded by changing bot programs. Our anomaly-based botnet detection mechanism is more robust than the previous approaches so that the variants of bots can be detectable by looking at their group activities in DNS traffic. From the experiments on a campus network, it is shown that the proposed mechanism can detect botnets effectively while bots are connecting to their server or migrating to another server.read more
Citations
More filters
DissertationDOI
Early detection of malicious web content with applied machine learning
TL;DR: BayeShield is described, a browser-based tool capable of successfully identifying phishing attacks in the wild and TopSpector, a system designed to forecast malicious activity prior to it’s occurrence is presented.
Proceedings ArticleDOI
Internet security protection for IRC-based botnet
Wenzheng Zhu,Chang Hoon Lee +1 more
TL;DR: This paper proposes a novel method for botnet based on IRC analysis and detection to protect computers from attackers, and tries to use a new IRC server to instead of the original malicious C&C (control and command) server.
Patent
Modeling user working time using authentication events within an enterprise network
Alina Oprea,Ting-Fang Yen +1 more
TL;DR: In this article, the authors present a method for modeling user working time using authentication events within an enterprise network, which includes collecting multiple instances of activity within a specified period of time, and creating a model based on those collected instances, which comprises a temporal pattern of activity associated with the given device.
Journal ArticleDOI
The Concept of Electronic Terrorist Acts in International Criminal Law
TL;DR: In this paper, the authors identify the role of technology in spreading terrorism, identify cybercrime sanctions in international public law, and identify gaps in international Public Law in reducing cyber terrorism by identifying weaknesses.
Proceedings ArticleDOI
B2B E-Commerce Adoption in Developing Countries: A Chinese Study
TL;DR: Wang et al. as mentioned in this paper studied the adoption of B2B E-commerce in China, one of the major economic countries in the world with a sizeable absolute GDP, as a particular example for developing countries.
References
More filters
Proceedings ArticleDOI
A multifaceted approach to understanding the botnet phenomenon
TL;DR: This paper attempts to clear the fog surrounding botnets by constructing a multifaceted and distributed measurement infrastructure, which shows that botnets represent a major contributor to unwanted Internet traffic and provides deep insights that may facilitate further research to curtail this phenomenon.
Proceedings Article
The Zombie roundup: understanding, detecting, and disrupting botnets
TL;DR: This paper outlines the origins and structure of bots and botnets and uses data from the operator community, the Internet Motion Sensor project, and a honeypot experiment to illustrate the botnet problem today and describes a system to detect botnets that utilize advanced command and control systems by correlating secondary detection data from multiple sources.
Dynamic Updates in the Domain Name System (DNS UPDATE)
TL;DR: The Domain Name System was originally designed to support queries of a statically configured database, but the frequency of changes was expected to be fairly low, and all updates were made as external edits to a zone's Master File.
Proceedings Article
Modeling Botnet Propagation Using Time Zones.
TL;DR: A diurnal propagation model is created that uses diurnal shaping functions to capture regional variations in online vulnerable populations and lets one compare propagation rates for different botnets, and prioritize response.
Book ChapterDOI
An Inside Look at Botnets
Paul Barford,Vinod Yegneswaran +1 more
TL;DR: A significant change in motivation for malicious activity has taken place over the past several years: from vandalism and recognition in the hacker community, to attacks and intrusions for financial gain, thereby escalating the network security arms race.
Related Papers (5)
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic
Guofei Gu,Junjie Zhang,Wenke Lee +2 more