Proceedings ArticleDOI
Botnet Detection by Monitoring Group Activities in DNS Traffic
Hyunsang Choi,Hanwoo Lee,Heejo Lee,Hyogon Kim +3 more
- pp 715-720
TLDR
This paper proposes a botnet detection mechanism by monitoring DNS traffic to detect botnets, which form a group activity in DNS queries simultaneously sent by distributed bots, which is more robust than the previous approaches.Abstract:
Recent malicious attempts are intended to get financial benefits through a large pool of compromised hosts, which are called software robots or simply "bots." A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mails, stealing personal information, and launching DDoS attacks. Growing popularity of botnets compels to find proper countermeasures but existing defense mechanisms hardly catch up with the speed of botnet technologies. In this paper, we propose a botnet detection mechanism by monitoring DNS traffic to detect botnets, which form a group activity in DNS queries simultaneously sent by distributed bots. A few works have been proposed based on particular DNS information generated by a botnet, but they are easily evaded by changing bot programs. Our anomaly-based botnet detection mechanism is more robust than the previous approaches so that the variants of bots can be detectable by looking at their group activities in DNS traffic. From the experiments on a campus network, it is shown that the proposed mechanism can detect botnets effectively while bots are connecting to their server or migrating to another server.read more
Citations
More filters
Book ChapterDOI
Characterizing Command and Control Channel of Mongoose Bots Over TOR
TL;DR: Preliminary experimental evaluation results show that the analysis is promising to reveal significant characteristics of Mongoose in which patterns of occurrence frequency for each individual character between mongoose bot traffic and normal traffic generated by non-bot machine are very different.
A Self-healing Framework for Enterprise networks to combat Botnets infections
TL;DR: The Self-healing architecture, the detailed modules used in the design and how they interact with each other to defend against the impact of botnet infections in the enterprise network are presented.
Dissertation
Botnet detection : a numerical and heuristic analysis
TL;DR: In this paper, the authors present an anomaly-based botnet detection system for detecting polymorphic botnets, which are impossible to identify by simple signature-based systems such as signatures.
Proceedings ArticleDOI
A Hands-on Approach on Botnets for Behavior Exploration.
TL;DR: An educational tool that consists of an open-source botnet software kit with built-in functionalities that enables anyone with some computer technical knowledge, to experiment and find out how botnets work and can be changed and adapted to a variety of useful applications.
Posted Content
Mitigating Botnet Attack Using Encapsulated Detection Mechanism (EDM)
TL;DR: Nigeria as a country loses above one hundred and twenty five (N125) billion naira to network fraud annually, end users such as Banks and other financial institutions battle daily the botnet threats.
References
More filters
Proceedings ArticleDOI
A multifaceted approach to understanding the botnet phenomenon
TL;DR: This paper attempts to clear the fog surrounding botnets by constructing a multifaceted and distributed measurement infrastructure, which shows that botnets represent a major contributor to unwanted Internet traffic and provides deep insights that may facilitate further research to curtail this phenomenon.
Proceedings Article
The Zombie roundup: understanding, detecting, and disrupting botnets
TL;DR: This paper outlines the origins and structure of bots and botnets and uses data from the operator community, the Internet Motion Sensor project, and a honeypot experiment to illustrate the botnet problem today and describes a system to detect botnets that utilize advanced command and control systems by correlating secondary detection data from multiple sources.
Dynamic Updates in the Domain Name System (DNS UPDATE)
TL;DR: The Domain Name System was originally designed to support queries of a statically configured database, but the frequency of changes was expected to be fairly low, and all updates were made as external edits to a zone's Master File.
Proceedings Article
Modeling Botnet Propagation Using Time Zones.
TL;DR: A diurnal propagation model is created that uses diurnal shaping functions to capture regional variations in online vulnerable populations and lets one compare propagation rates for different botnets, and prioritize response.
Book ChapterDOI
An Inside Look at Botnets
Paul Barford,Vinod Yegneswaran +1 more
TL;DR: A significant change in motivation for malicious activity has taken place over the past several years: from vandalism and recognition in the hacker community, to attacks and intrusions for financial gain, thereby escalating the network security arms race.
Related Papers (5)
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic
Guofei Gu,Junjie Zhang,Wenke Lee +2 more