Proceedings ArticleDOI
Botnet Detection by Monitoring Group Activities in DNS Traffic
Hyunsang Choi, Hanwoo Lee, Heejo Lee, Hyogon Kim +3 more
pp. 715-720
TL;DR: This paper proposes a botnet detection mechanism that monitors DNS traffic for the group activity formed by DNS queries simultaneously sent by distributed bots, an approach that is more robust than previous ones.
Abstract:
Recent malicious attempts are intended to gain financial benefits through a large pool of compromised hosts, which are called software robots or simply "bots." A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mails, stealing personal information, and launching DDoS attacks. The growing popularity of botnets compels us to find proper countermeasures, but existing defense mechanisms hardly keep up with the speed of botnet technologies. In this paper, we propose a botnet detection mechanism that monitors DNS traffic to detect botnets, which form a group activity in DNS queries simultaneously sent by distributed bots. A few works have been proposed based on particular DNS information generated by a botnet, but they are easily evaded by changing bot programs. Our anomaly-based botnet detection mechanism is more robust than the previous approaches, so that variants of bots can be detected by looking at their group activities in DNS traffic. Experiments on a campus network show that the proposed mechanism can detect botnets effectively while bots are connecting to their server or migrating to another server.
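One simple realisation of the group-activity idea described in the abstract, added here as an illustration and not the paper's own algorithm: a queried name is flagged when the set of hosts querying it is both large and stable across two consecutive time windows, which is what a set of bots polling the same command server looks like, while ordinary popular names are queried by a changing population. The window size, thresholds, Jaccard similarity measure and the sample log are assumptions.

```python
from collections import defaultdict

# Constructed sample DNS query log: (timestamp_seconds, source_host, queried_name).
# Five hosts query c2.example.test together at t=0..4 and again at t=60..64;
# a popular name is queried by four different hosts in each window; one host
# alone queries mail.example.test.
BOTS = ["10.0.0.%d" % i for i in range(1, 6)]
SAMPLE_QUERIES = (
    [(i, h, "c2.example.test") for i, h in enumerate(BOTS)]
    + [(60 + i, h, "c2.example.test") for i, h in enumerate(BOTS)]
    + [(10 + i, "10.0.1.%d" % (i + 1), "www.popular.test") for i in range(4)]
    + [(70 + i, "10.0.1.%d" % (i + 5), "www.popular.test") for i in range(4)]
    + [(5, "10.0.2.9", "mail.example.test"), (65, "10.0.2.9", "mail.example.test")]
)


def hosts_per_window(queries, window):
    """Map (window_index, qname) -> set of source hosts that queried it."""
    table = defaultdict(set)
    for ts, host, qname in queries:
        table[(int(ts // window), qname.lower().rstrip("."))].add(host)
    return table


def jaccard(a, b):
    """Set similarity in [0, 1]; identical querying populations give 1.0."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def detect_group_activity(queries, window=60, min_group=3, min_similarity=0.5):
    """Return {qname: best_similarity} for names queried by a large, stable group.

    A name qualifies when, in two consecutive windows, at least min_group
    distinct hosts query it and the two host sets overlap by >= min_similarity.
    """
    by_name = defaultdict(dict)
    for (w, qname), hosts in hosts_per_window(queries, window).items():
        by_name[qname][w] = hosts
    flagged = {}
    for qname, windows in by_name.items():
        idx = sorted(windows)
        for prev, cur in zip(idx, idx[1:]):
            if cur != prev + 1:  # only compare adjacent windows
                continue
            a, b = windows[prev], windows[cur]
            if len(a) >= min_group and len(b) >= min_group:
                sim = jaccard(a, b)
                if sim >= min_similarity:
                    flagged[qname] = max(flagged.get(qname, 0.0), sim)
    return flagged


if __name__ == "__main__":
    print(detect_group_activity(SAMPLE_QUERIES))  # {'c2.example.test': 1.0}
```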
Citations
Multi-Stage Detection Technique for DNS-Based Botnets
TL;DR: This research aims to design and implement a multi-staged detection approach for Domain Generation Algorithm (DGA), Fast Flux Service Network, and Domain Flux-based botnets, as well as encrypted DNS tunneling-based botnets, using the BRO Network Security Monitor.
Journal ArticleDOI
P2P Traffic Identification Algorithm Based on Topology
Ru Xia Sun, Chunyong Yin +1 more
TL;DR: A P2P identification algorithm based on topology that has a high detection rate and an acceptably low false alarm rate and depends on only three network behavior features.
Journal ArticleDOI
The Historical Perspective of Botnet tools
TL;DR: In this article, a comprehensive research work into botnet detection mechanisms is presented, which mainly looks at how the botnet as a threat tool began, the trend since its inception, and a few approaches that have been used to curb it.
Journal Article
Detecting Spam Zombies with Semantic Matching Based NMF Hierarchical Clustering by Monitoring Outgoing Messages
TL;DR: This paper focuses on the spam detection problem for outgoing messages in larger organizational applications such as educational data, university data, hospital information sharing, and individual mail communication, and proposes a semantic-matching-based nonnegative matrix factorization (NMF) clustering method in a hierarchical structure.
References
Proceedings ArticleDOI
A multifaceted approach to understanding the botnet phenomenon
TL;DR: This paper attempts to clear the fog surrounding botnets by constructing a multifaceted and distributed measurement infrastructure, which shows that botnets represent a major contributor to unwanted Internet traffic and provides deep insights that may facilitate further research to curtail this phenomenon.
Proceedings Article
The Zombie roundup: understanding, detecting, and disrupting botnets
TL;DR: This paper outlines the origins and structure of bots and botnets and uses data from the operator community, the Internet Motion Sensor project, and a honeypot experiment to illustrate the botnet problem today and describes a system to detect botnets that utilize advanced command and control systems by correlating secondary detection data from multiple sources.
Dynamic Updates in the Domain Name System (DNS UPDATE)
TL;DR: The Domain Name System was originally designed to support queries of a statically configured database, but the frequency of changes was expected to be fairly low, and all updates were made as external edits to a zone's Master File.
Proceedings Article
Modeling Botnet Propagation Using Time Zones.
TL;DR: A diurnal propagation model is created that uses diurnal shaping functions to capture regional variations in online vulnerable populations and lets one compare propagation rates for different botnets, and prioritize response.
Book ChapterDOI
An Inside Look at Botnets
Paul Barford, Vinod Yegneswaran +1 more
TL;DR: A significant change in motivation for malicious activity has taken place over the past several years: from vandalism and recognition in the hacker community, to attacks and intrusions for financial gain, thereby escalating the network security arms race.
Related Papers (5)
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic
Guofei Gu, Junjie Zhang, Wenke Lee +2 more