

2011 Proceedings of the International Conference on Security and Cryptography (unpublished)
This identification is based mainly on DNS records of registered domains where command-and-control servers are hosted. ... One of the most important malware types is botnets, which convert infected computers into agents that follow actions instructed by a command-and-control server. A botmaster can control thousands of agents. ... ACKNOWLEDGEMENTS This work was supported by S21sec labs through the research project SEGUR@, funded by the Spanish Ministry of Industry, Tourism and Trade, on the framework of the CENIT programme with reference ...
doi:10.5220/0003522903070316 fatcat:5q63aboqszb6dmyftyls4npoxy

Semantics based analysis of botnet activity from heterogeneous data sources

Santiago Ruano Rincon, Sandrine Vaton, Antoine Beugnard, Serge Garlatti
2015 International Wireless Communications and Mobile Computing Conference (IWCMC)
This approach is able to enhance current DNS-based botnet detection methods, taking into account additional heterogeneous analysis elements. ... Based on this architecture, we implement a tool that looks for malicious bot activity, studying, from a unique point of view, DNS traffic from PCAP sources and TCP connections from IPFIX reports. ... In this work, we focus on DNS-based detection methods, since, as we can conclude from [6], they may be lightweight and, depending on the approach, able to detect a large number of botnets, even if they ...
doi:10.1109/iwcmc.2015.7289115 dblp:conf/iwcmc/RinconVBG15 fatcat:7zbgmazxl5dgrpl6tz4oose4jy

Profiling IoT-Based Botnet Traffic Using DNS

Owen P. Dwyer, Angelos K. Marnerides, Vasileios Giotsas, Troy Mursch
2019 IEEE Global Communications Conference (GLOBECOM)
We firstly discuss features used in profiling botnets in the past and indicate how profiling IoT-based botnets in particular can be improved by leveraging DNS information out of a single DNS record.  ...  This work provides a novel DNS-based profiling scheme over real datasets of Mirai-alike botnet activity captured on honeypots that are globally distributed.  ...  Based on this technique, our honeypots have detected 811,636 Mirai-alike probes between 2017/02/17 -2019/03/07.  ... 
doi:10.1109/globecom38437.2019.9014300 dblp:conf/globecom/DwyerMGM19 fatcat:6vejmhg7v5ee5hpsnyk4edlf5i

Detecting Network Anomalies In ISP Network Using DNS And NetFlow

Andreas Tedja, Charles Lim, Heru Purnomo Ipung
DNS works by translating an IP address to its associated domain name. DNS is often exploited by hackers to carry out malicious activities. ... However, there are still numerous ways to detect fast flux; one of them is by analysing DNS data. The Domain Name System (DNS) is a crucial part of the Internet. ... Aside from that, it seems that there are no particular steps taken by the cloud hosting service to prevent its service from hosting malware, so for the time being, the bots hosted on cloud hosting services ...
doi:10.33555/iconiet.v2i3.38 fatcat:hln3wvmbrrdyxlsilg324ap5om

Statistical Characterization of the Botnets C&C Traffic

Pedro Correia, Eduardo Rocha, António Nogueira, Paulo Salvador
2012 Procedia Technology - Elsevier  
Characterizing existing botnets is crucial to design an efficient detection methodology. ... Detecting botnets is a hard task, and traditional network security systems are unable to successfully complete it. ... Acknowledgments This research was supported in part by Fundação para a Ciência e a Tecnologia under the research projects PTDC/EEA-TEL/101880/2008 and PEst-OE/EEI/LA0008/2011.
doi:10.1016/j.protcy.2012.02.030 fatcat:j2tyk6h6fzdevdeu23ulgxqfte

A multifaceted approach to understanding the botnet phenomenon

Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis
2006 Proceedings of the 6th ACM SIGCOMM on Internet measurement - IMC '06  
To the best of our knowledge, botnet behavior has never been methodically studied, botnet prevalence on the Internet is mostly a mystery, and the botnet life has yet to be modeled.  ...  spreading activity.  ...  Additional information on how to get timely access to this data is available at http://hinrg.cs.  ... 
doi:10.1145/1177080.1177086 dblp:conf/imc/RajabZMT06 fatcat:zdkscmtu4repdjxc6w6af26bvq

A Hybrid Association Rule-Based Method to Detect and Classify Botnets

Yuanyuan Huang, Lu Jiazhong, Haozhe Tang, Xiaolei Liu, Weiwei Liu
2021 Security and Communication Networks  
In this paper, we propose an algorithm based on a hybrid association rule to detect and classify the botnets, which can calculate botnets' boundary traffic features and receive effects in the identification  ...  Combining with the advantages of the existing time-based detection methods, we do a global correlation analysis on the characteristics of botnets, to judge whether the detection objects can be botnets  ...  Methods based on network traffic detection can be divided into two types: active detection and passive detection.  ... 
doi:10.1155/2021/1028878 fatcat:2bsodpzq45ezxamv6ls6f4tn2y

Identifying botnets by capturing group activities in DNS traffic

Hyunsang Choi, Heejo Lee
2012 Computer Networks  
The proposed mechanism, referred to as BotGAD (botnet group activity detector), needs a small amount of data from DNS traffic to detect botnets, not all network traffic content or known signatures. ... In this paper, we propose a light-weight mechanism to detect botnets using their fundamental characteristic, i.e., group activity. ... The preliminary version of this paper was presented in IEEE CIT [1] and COMSWARE [2].
doi:10.1016/j.comnet.2011.07.018 fatcat:x7sefwsknfcbflg2cm2fn4hg2i

Malicious Domain Detection Based on Machine Learning

2018 DEStech Transactions on Computer Science and Engineering  
And then we focus on a survey of the detection research on C&C (Command and Control) domains in Fast-flux botnets and Domain-flux botnets, which are the most popular and the most challenging. ... At present, malicious domain detection, especially malicious domain detection based on machine learning, is one of the research hotspots in the network security field. ... [8] designed a method based on DNS active detection, which calculates the flux fraction of each domain according to the number of A records and the number of NS records in the domain.
doi:10.12783/dtcse/iceit2017/19866 fatcat:75wt7lq5zbct3elgcs7lbclo4e

Hybrid rule-based botnet detection approach using machine learning for analysing DNS traffic

Saif Al-mashhadi, Mohammed Anbar, Iznan Hasbullah, Taief Alaa Alamiedy
2021 PeerJ Computer Science  
and rules that contribute to the detection of DNS-based botnets. ... Despite several approaches proposed to detect botnets based on DNS traffic analysis, the problem still exists and is challenging due to several reasons, such as not considering significant features ... Anomaly-based Botnet detection. Anomaly-based detection methods rely on different DNS anomalies to identify botnets.
doi:10.7717/peerj-cs.640 fatcat:fzwgehbianenhi2jbpm6uh7bey


Anchit Bijalwan, Vijender Kumar Solanki, Emmanuel Shubhakar Pilli
2018 Network Protocols and Algorithms  
Such activities are direct attacks on the safety, security and confidentiality of the organization. These activities put organizational privacy at stake. ... This paper presents a novel summary of previous surveys, including the life cycle, classification, framework, detection, analysis and the challenges for botnet forensics. ... DNS uses DNSBL counter-intelligence to detect survey in real time; however, active countermeasures run the risk of false positives, c. both mining-based and DNS-based detection approaches are effective to detect ...
doi:10.5296/npa.v10i2.13144 fatcat:4jslahx72nhobnabo25scj3yzi

Botnet Detection by Monitoring Similar Communication Patterns [article]

Hossein Rouhani Zeidanloo, Azizah Bt Abdul Manaf
2010 arXiv   pre-print
Then we proposed a new general detection framework which currently focuses on P2P-based and IRC-based Botnets. This proposed framework is based on the definition of Botnets. ... Most of the existing Botnet detection approaches concentrate only on particular Botnet command and control (C&C) protocols (e.g., IRC, HTTP) and structures (e.g., centralized), and can become ineffective ... Therefore, it is feasible to detect Botnet DNS traffic by DNS monitoring and to detect DNS traffic anomalies [29, 30].
arXiv:1004.1232v1 fatcat:sgg2kaypojhebowrjzbfxmzxg4

Fast-Flux Bot Detection in Real Time [chapter]

Ching-Hsiang Hsu, Chun-Ying Huang, Kuan-Ta Chen
2010 Lecture Notes in Computer Science  
Most existing methods for detecting fast-flux botnets rely on the former property. ... The scheme is unique because it relies on certain intrinsic and invariant characteristics of fast-flux botnets, namely, 1) the request delegation model, 2) bots are not dedicated to malicious services, ... [12] monitored domain name service (DNS) activities over a seven-week period and proposed a fast-flux botnet domain name detection scheme based on the fluxy-score.
doi:10.1007/978-3-642-15512-3_24 fatcat:irmatskiovfmbg67fksda3inxq

Active Botnet Probing to Identify Obscure Command and Control Channels

Guofei Gu, Vinod Yegneswaran, Phillip Porras, Jennifer Stoll, Wenke Lee
2009 Annual Computer Security Applications Conference
In this paper, we explore the potential use of active botnet probing techniques in a network middlebox as a means to augment and complement existing passive botnet C&C detection strategies, especially  ...  We discuss the limitations of BotProbe and hope this preliminary feasibility study on the use of active techniques in botnet research can inspire new thoughts and directions within the malware research  ...  ACKNOWLEDGMENT The authors would like to thank Jon Giffin, Nick Feamster, Roberto Perdisci, and Junjie Zhang for comments on an early version of this paper, and thank Mike Hunter for the help in user study  ... 
doi:10.1109/acsac.2009.30 dblp:conf/acsac/GuYPSL09 fatcat:5legftv2abbcvpgku6za7ub5lu

Measurement and analysis of global IP-usage patterns of fast-flux botnets

Xin Hu, Matthew Knysz, Kang G. Shin
2011 Proceedings IEEE INFOCOM
We have developed and deployed a lightweight DNS probing engine, called DIGGER, on 240 PlanetLab nodes spanning 4 continents.  ...  These results provide insight into the current global state of fast-flux botnets and their range in implementation, revealing potential trends for botnet-based services.  ...  Based on a domain's most recently returned DNS results, DIGGER continues to dig active domains periodically based on their observed TTL, ensuring fresh DNS-query results.  ... 
doi:10.1109/infcom.2011.5935091 dblp:conf/infocom/HuKS11 fatcat:sanwpkqmrnhr7kvtwno5y5ojwy