
2015 | OriginalPaper | Chapter

Domain Algorithmically Generated Botnet Detection and Analysis

Authors: Xiaolin Xu, Yonglin Zhou, Qingshan Li

Published in: International Conference on Security and Privacy in Communication Networks

Publisher: Springer International Publishing


Abstract

To detect algorithmically generated domains used by botnets, a new technique is proposed that analyzes the difference in query behaviour between algorithmically generated domains and legitimate domains, based on the observation that every domain name in the group generated by one botnet has a similar lifetime and query style. We look for suspicious domains in DNS traffic and use change distance to verify that these suspicious domains are used by a botnet. We then describe the botnet's change rate and change scope using the domain change distance. By deploying our system at operators' RDNS, experiments were carried out to validate the effectiveness of the detection method. The experimental results show that the method can detect algorithmically generated domains used by botnets.


Metadata

Title: Domain Algorithmically Generated Botnet Detection and Analysis
Authors: Xiaolin Xu, Yonglin Zhou, Qingshan Li
Copyright Year: 2015
DOI: https://doi.org/10.1007/978-3-319-23829-6_38
