Proceedings ArticleDOI
Botnet Detection by Monitoring Group Activities in DNS Traffic
Hyunsang Choi,Hanwoo Lee,Heejo Lee,Hyogon Kim +3 more
- pp 715-720
TLDR
This paper proposes a botnet detection mechanism by monitoring DNS traffic to detect botnets, which form a group activity in DNS queries simultaneously sent by distributed bots, which is more robust than the previous approaches.Abstract:Â
Recent malicious attempts are intended to get financial benefits through a large pool of compromised hosts, which are called software robots or simply "bots." A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mails, stealing personal information, and launching DDoS attacks. Growing popularity of botnets compels to find proper countermeasures but existing defense mechanisms hardly catch up with the speed of botnet technologies. In this paper, we propose a botnet detection mechanism by monitoring DNS traffic to detect botnets, which form a group activity in DNS queries simultaneously sent by distributed bots. A few works have been proposed based on particular DNS information generated by a botnet, but they are easily evaded by changing bot programs. Our anomaly-based botnet detection mechanism is more robust than the previous approaches so that the variants of bots can be detectable by looking at their group activities in DNS traffic. From the experiments on a campus network, it is shown that the proposed mechanism can detect botnets effectively while bots are connecting to their server or migrating to another server.read more
Citations
More filters
Proceedings ArticleDOI
Research of an Innovative P2P-Based Botnet
TL;DR: A neighbor list selecting method based on Strongly Connected Graph and analysis of a super node selecting mechanism based on AHP shows that this mechanism can increase coverage probability of commands and decrease average connection time between super node and ordinary node.
Book ChapterDOI
Collaborative behavior visualization and its detection by observing darknet traffic
TL;DR: This paper uses the 3D-visualization to investigate the change of attack according to the darknet traffic and discovers the attack in which several source IP addresses transmit packets to a single destination within a short period of time.
Dissertation
Malicious trafic observation using a framework to parallelize and compose midpoint inspection devices.
TL;DR: Luth, a tool to compose and parallelize a set of midpoint inspectors (MI) that implement mini IDS, IPS or firewall-s, while checking the correction and optimality of the resulting inspection tree, using a configuration language, its interpreter and associated algorithms.
Proceedings ArticleDOI
A distributed network-sensor based intrusion detection framework in enterprise networks
Difan Zhang,Wei Yu,Rommie Hardy +2 more
TL;DR: This paper proposes a distributed network sensor based intrusion detection framework to detect the emerging stealthy attacks, including malware propagation in enterprise networks, and develops techniques, including a deep packet inspection to process network traffic efficiently.
Journal ArticleDOI
MADMAX: Browser-Based Malicious Domain Detection Through Extreme Learning Machine
Kazuki Iwahana,Tatsuya Takemura,Ju Chien Cheng,Nami Ashizawa,Naoki Umeda,Kodai Sato,Ryota Kawakami,Rei Shimizu,Yuichiro Chinen,Naoto Yanai +9 more
TL;DR: MadMAX as mentioned in this paper is a browser-based application leveraging extreme learning machine (ELM) for malicious domain detection, which selects optimized features to provide higher accuracy and throughput based on permutation importance.
References
More filters
Proceedings ArticleDOI
A multifaceted approach to understanding the botnet phenomenon
TL;DR: This paper attempts to clear the fog surrounding botnets by constructing a multifaceted and distributed measurement infrastructure, which shows that botnets represent a major contributor to unwanted Internet traffic and provides deep insights that may facilitate further research to curtail this phenomenon.
Proceedings Article
The Zombie roundup: understanding, detecting, and disrupting botnets
TL;DR: This paper outlines the origins and structure of bots and botnets and uses data from the operator community, the Internet Motion Sensor project, and a honeypot experiment to illustrate the botnet problem today and describes a system to detect botnets that utilize advanced command and control systems by correlating secondary detection data from multiple sources.
Dynamic Updates in the Domain Name System (DNS UPDATE)
TL;DR: The Domain Name System was originally designed to support queries of a statically configured database, but the frequency of changes was expected to be fairly low, and all updates were made as external edits to a zone's Master File.
Proceedings Article
Modeling Botnet Propagation Using Time Zones.
TL;DR: A diurnal propagation model is created that uses diurnal shaping functions to capture regional variations in online vulnerable populations and lets one compare propagation rates for different botnets, and prioritize response.
Book ChapterDOI
An Inside Look at Botnets
Paul Barford,Vinod Yegneswaran +1 more
TL;DR: A significant change in motivation for malicious activity has taken place over the past several years: from vandalism and recognition in the hacker community, to attacks and intrusions for financial gain, thereby escalating the network security arms race.
Related Papers (5)
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic
Guofei Gu,Junjie Zhang,Wenke Lee +2 more