
Real-time malicious fast-flux detection using DNS and bot related features

Sergi Martinez-Bea, Sergio Castillo-Perez, Joaquin Garcia-Alfaro
2013 Eleventh Annual Conference on Privacy, Security and Trust
This confirms our hypothesis that a malicious botmaster can create a fast-flux domain with a particular chosen set of features, whose aim is to evade any detection based on using only DNS-related information  ...  The set can be divided into two different groups: (1) DNS-related features and (2) bot-intrinsic features. The former are features that are related to the DNS resolution process.  ... 
doi:10.1109/pst.2013.6596093 dblp:conf/pst/Martinez-BeaCG13 fatcat:wwiybdlxkfd6jadagdq42zepaq

A fuzzy pattern-based filtering algorithm for botnet detection

Kuochen Wang, Chun-Ying Huang, Shang-Jyh Lin, Ying-Dar Lin
2011 Computer Networks  
To work with fuzzy pattern recognition techniques, we design several membership functions based on frequently observed bots' behavior, including: (1) generate failed DNS queries; (2) have similar DNS query  ...  It is possible that a bot successfully obtains an IP address from a DNS server but the computer associated with the obtained IP address is shut down or offline.  ...  In the DNS phase, we detect a bot based on DNS features. Suppose a DNS query is made for domain name D and a corresponding DNS response returns an associated IP address A.  ... 
doi:10.1016/j.comnet.2011.05.026 fatcat:bixhvvhtxbhfthfcx4agniu4xe

Malicious Domain Detection Based on K-means and SMOTE [chapter]

Qing Wang, Linyu Li, Bo Jiang, Zhigang Lu, Junrong Liu, Shijie Jian
2020 Lecture Notes in Computer Science  
However, existing detection methods usually use classification-based and association-based representations, which are not capable of dealing with the imbalanced problem between malicious and benign domains  ...  The Domain Name System (DNS) as the foundation of Internet, has been widely used by cybercriminals. A lot of malicious domain detection methods have received significant success in the past decades.  ...  This method is based on the intuition that the domain associated with a malicious domain is likely to be malicious as well.  ... 
doi:10.1007/978-3-030-50417-5_35 fatcat:onxdki2dzbbo7ekcp2sls3g6ye

Signature-based Traffic Classification and Mitigation for DDoS Attacks using Programmable Network Data Planes

Marinos Dimolianis, Adam Pavlidis, Vasilis Maglaris
2021 IEEE Access  
Malicious signatures undergo a reduction process tailored to the attack vector in order to generate a concise set of filtering rules, thus expediting mitigation performance.  ...  Our approach was compared to source-based mechanisms in terms of (i) malicious traffic identification, (ii) filtering rules cardinality, and (iii) packet processing throughput required in modern high speed  ...  Every observed packet signature pertains to a counter stored within an appropriate BPF Map (i.e. hash table). SE consists of various instances, each associated with a specific attack vector.  ... 
doi:10.1109/access.2021.3104115 fatcat:cktpbsqngrbshaeslxbx3sa76u

IMDoC: Identification of Malicious Domain Campaigns via DNS and Communicating Files

David Lazar, Kobi Cohen, Alon Freund, Avishay Bartik, Aviv Ron
2021 IEEE Access  
The first approach is known as active DNS data collection, and the latter is called passive DNS data collection. There are various problems associated with the active DNS data collection approach.  ...  associated with similar behavior of the tag histogram of their communicating files.  ... 
doi:10.1109/access.2021.3066957 fatcat:lh2mrecwevfqtlvdnzdlk4xg4m

Measuring the Effectiveness of Digital Hygiene using Historical DNS Data [article]

Oliver Farnan and Gregory Walton and Joss Wright
2021 arXiv pre-print
This project is ongoing, with data collection underway at a number of Central Asian CSOs.  ...  The research collects DNS traffic from CSOs that are participating in the digital safety intervention, and compares a treatment group consisting of four CSOs against DNS traffic from a second group of  ...  The same survey indicated that 67% of organisations do not monitor recursive DNS to detect anomalies associated with known or unknown cyber threat behaviours.  ... 
arXiv:2110.13562v1 fatcat:pweyjdprgncoxfxqf3wlegu2lq

Behavior-based botnet detection in parallel

Kuochen Wang, Chun-Ying Huang, Li-Yang Tsai, Ying-Dar Lin
2013 Security and Communication Networks  
With the design objectives of being efficient and accurate, a bot is detected using the proposed five-stage process, including: (i) traffic reduction, which shrinks an input trace by deleting unnecessary  ...  DNS features; and (v) TCP detection phase, which detects bots based on TCP features.  ...  If a bot is detected in the DNS detection phase, BBDP ignores TCP features associated with the DNS features and reports the detection result.  ... 
doi:10.1002/sec.898 fatcat:yshuizyoand2xnx6cmuch54h34

Beheading hydras

Yacin Nadji, Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
Devices infected with malicious software typically form botnet armies under the influence of one or more command and control (C&C) servers.  ...  With this paper, we aim to bring order, measure, and reason to the botnet takedown problem.  ...  Simply relying on passive DNS (for De) and malware associations (for Dm) overestimates and underestimates the malicious domain names, respectively.  ... 
doi:10.1145/2508859.2516749 dblp:conf/ccs/NadjiAPDL13 fatcat:zcw5nmpwyfcgtn6sgvtfcrxmpa

Analysis of planes of attacks on the Blockchain system

P.I. Stetsenko, G.Z. Khalimov, E.V. Kotukh
2020 Radiotechnics  
Another measure to counter malicious mining is a scheme that reduces rewards for an attacker.  ...  A fairly large number of studies were devoted to the problem of countering DNS attacks; however, the studies were mainly carried out on classical (on-premise) architectures [16].  ... 
doi:10.30837/rt.2020.1.200.10 fatcat:3jckwyfg65cu5c3vnqavy7gx2i

A Big Data Architecture for Large Scale Security Monitoring

Samuel Marchal, Xiuyan Jiang, Radu State, Thomas Engel
2014 IEEE International Congress on Big Data
In this paper we propose a solution to cope with the tremendous amount of data to analyse for security monitoring purposes.  ...  DNS data, NetFlow records, HTTP traffic and honeypot data are mined and correlated in a distributed system that leverages state-of-the-art big data solutions.  ...  DNS requests are performed to get IP addresses associated with a domain and then consult the needed resource.  ... 
doi:10.1109/bigdata.congress.2014.18 dblp:conf/bigdata/MarchalJSE14 fatcat:hpklha4aufbrlmquark4cvafji

OpenID Security Analysis and Evaluation

San-Tsai Sun, Konstantin Beznosov
2010 Zenodo  
With additional practical adversary capabilities (e.g., tricking users into using a malicious wireless access point or installing a malicious browser extension) that enable an attacker to intercept the authentication  ...  To this end, I will demonstrate the attack vectors employed in the evaluation process and discuss our proposed countermeasure for the current OpenID-enabled websites and future OpenID specification.  ...  a nonce associated with the auth request can stop the attack  ... 
doi:10.5281/zenodo.3264502 fatcat:eetpkw3otfeqjabiadf7crf4ny

Using Software-Defined Networking for Ransomware Mitigation: The Case of CryptoWall

Krzysztof Cabaj, Wojciech Mazurczyk
2016 IEEE Network  
The first advantage of both introduced solutions is associated with the SDN approach to packet forwarding.  ...  The main functionality of the first application (SDN1) was associated with a simple Layer 2 learning switch.  ... 
doi:10.1109/mnet.2016.1600110nm fatcat:3h2wsrsqhnhnpibyai6ujg4gle

BotDet: A System for Real Time Botnet Command and Control Traffic Detection

Ibrahim Ghafir, Vaclav Prenosil, Mohammad Hammoudeh, Thar Baker, Sohail Jabbar, Shehzad Khalid, Sardar Jaf
2018 IEEE Access  
Many recent attacks are attributed to the spread of malicious software, e.g., ransomware or bot malware.  ...  Machines infected with bot malware can be used as tools for remote attack or even cryptomining.  ...  Malware and malicious activities are associated with both.  ... 
doi:10.1109/access.2018.2846740 fatcat:cjbw427ko5dyhd3qir266ufwwu

DNS based In-Browser Cryptojacking Detection [article]

Rohit Kumar Sachan, Rachit Agarwal, Sandeep Kumar Shukla
2022 arXiv pre-print
Similarity analysis of the features reveals a minimal divergence between the cryptojacking DNs and other already known malicious DNs.  ...  Our results show the DecisionTrees classifier performs the best with 59.5% Recall on cryptojacked DNs, while for unsupervised learning, K-Means with K=2 performs the best.  ...  with cryptojacked DNs and other malicious DNs for the similarity analysis.  ... 
arXiv:2205.04685v1 fatcat:4jcxdtanvngifnmbrriacqea4a

On JavaScript Malware and related threats

Martin Johns
2007 Journal in Computer Virology  
The term JavaScript Malware describes attacks that abuse the web browser's capabilities to execute malicious script-code within the victim's local execution context.  ...  In turn DNS pinning, which was introduced to counter rebinding attacks, introduces problems with dynamic DNS services and DNS based redundancy solutions.  ...  To counter this attack most modern browsers employ "DNS pinning": The mapping between a URL and an IP-address is kept by the web browser for the entire lifetime of the browser process even if the DNS answer  ... 
doi:10.1007/s11416-007-0076-7 fatcat:24teelap3rfh7fz52altjaymca