
Phoenix: DGA-Based Botnet Tracking and Intelligence [chapter]

Stefano Schiavoni, Federico Maggi, Lorenzo Cavallaro, Stefano Zanero
<span title="">2014</span> <i title="Springer International Publishing"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/2w3awgokqne6te4nvlofavy5a4" style="color: black;">Lecture Notes in Computer Science</a> </i> &nbsp;
We propose Phoenix, a mechanism that, in addition to telling DGA- and non-DGA-generated domains apart using a combination of string and IP-based features, characterizes the DGAs behind them, and, most importantly  ...  As a result, Phoenix can associate previously unknown DGA-generated domains to these groups, and produce novel knowledge about the evolving behavior of each tracked botnet.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-319-08509-8_11">doi:10.1007/978-3-319-08509-8_11</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/py5julv3n5b7jasgyscfa7mndy">fatcat:py5julv3n5b7jasgyscfa7mndy</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20160816021917/http://www.syssec-project.eu/m/page-media/3/schiavoni-dimva14-phoenix.pdf" title="fulltext PDF download">Web Archive [PDF]</a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-319-08509-8_11">springer.com</a>

Tracking and Characterizing Botnets Using Automatically Generated Domains [article]

Stefano Schiavoni and Stefano Zanero Royal Holloway University of London)
<span title="2013-11-21">2013</span> <i > arXiv </i> &nbsp; <span class="release-stage" >pre-print</span>
Modern botnets rely on domain-generation algorithms (DGAs) to build resilient command-and-control infrastructures.  ...  Moreover, our system enriches these groups with new, previously unknown AGD names, and produces novel knowledge about the evolving behavior of each tracked botnet.  ...  (e.g., the tracking and monitoring of DGA-based C&C domains over time).  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1311.5612v1">arXiv:1311.5612v1</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/smwpatcxybd5lnwpet6okj7di4">fatcat:smwpatcxybd5lnwpet6okj7di4</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20200904114425/https://arxiv.org/pdf/1311.5612v1.pdf" title="fulltext PDF download">Web Archive [PDF]</a> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1311.5612v1" title="arxiv.org access">arxiv.org</a>

Botnet Detection Technology Based on DNS

Xingguo Li, Junfeng Wang, Xiaosong Zhang
<span title="2017-09-25">2017</span> <i title="MDPI AG"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/hijy7jexkvcipg3tulqv73bck4" style="color: black;">Future Internet</a> </i> &nbsp;
We also point out the future research direction of detecting and mitigating DNS-based botnets.  ...  This paper focuses on evasion and detection techniques of DNS-based botnets and gives a review of this field for a general summary of all these contributions.  ...  The Phoenix approach consisted of three modules: a detection module, a discovery module, and an intelligence and observation module.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.3390/fi9040055">doi:10.3390/fi9040055</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/bymomhqzkfhkrfieve3ootcv4y">fatcat:bymomhqzkfhkrfieve3ootcv4y</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20180726202436/https://res.mdpi.com/def502007131e0558affeb921a45c2a52ce95a5eec4e05519ae11c5f53d5748e6a1f7078e9a5e309fb716df0cd3706e8322e068333e797e5db45bac3e26f72393744ffc0a7b8dd7e969e3ba4d2c869bcbef49bd52e3229b2d410e573f458bffcae8d604c409557666d436cae3210c5f6d5acfe7fe1f272ee701b9fccafe24bfc32e616de0915371f80e0598bc76eeacf49443169da9e5577059b9487977ec5bc7e1588fe7f?filename=&amp;attachment=1" title="fulltext PDF download">Web Archive [PDF]</a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.3390/fi9040055">mdpi.com</a>

Malicious Domain Detection Based on Machine Learning

YI-DA YAN, ZHEN-YAN LIU, JUN-WEI ZHONG, DU CHENG, JING-FENG XUE, YONG WANG
<span title="2018-03-08">2018</span> <i title="DEStech Publications"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/52spf3of4jbu5da2xrhvubclcy" style="color: black;">DEStech Transactions on Computer Science and Engineering</a> </i> &nbsp;
And then we focus on a survey on the detection research of C&C (Command and Control) domains in Fast-flux botnets and Domain-flux botnets, which are the most popular and the most challenging.  ...  At present, malicious domain detection, especially malicious domain detection based on machine learning, is one of the research hotspots in the network security field.  ...  At the same time, Phoenix is able to associate the unknown domains generated by DGAs with these groups, and generate new perceptions of the evolution of each tracked botnet.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.12783/dtcse/iceit2017/19866">doi:10.12783/dtcse/iceit2017/19866</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/75wt7lq5zbct3elgcs7lbclo4e">fatcat:75wt7lq5zbct3elgcs7lbclo4e</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20190427093257/http://www.dpi-proceedings.com/index.php/dtcse/article/download/19866/19354" title="fulltext PDF download">Web Archive [PDF]</a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.12783/dtcse/iceit2017/19866">Publisher / doi.org</a>

Machine Learning for Analyzing Malware

Zhenyan Liu, Yifei Zeng, Yida Yan, Pengfei Zhang, Yong Wang
<span title="">2017</span> <i title="River Publishers"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/7fvtrv6o65gszpj46refzq3jw4" style="color: black;">Journal of Cyber Security and Mobility</a> </i> &nbsp;
Based on the malware analysis process, from the original feature extraction and feature selection to malware analysis, this paper introduces machine learning algorithms such as classification, clustering  ...  and association analysis, and how to use these machine learning algorithms to effectively analyze malware and its variants.  ...  [47] presented a mechanism called Phoenix based on the DBSCAN clustering algorithm, which could not only tell DGA- and non-DGA-generated domains apart using a combination of string and IP-based features  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.13052/jcsm2245-1439.631">doi:10.13052/jcsm2245-1439.631</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/ofgpxaubtbf7pbj2sfcjb747lu">fatcat:ofgpxaubtbf7pbj2sfcjb747lu</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20180722124301/https://www.riverpublishers.com/journal/journal_articles/RP_Journal_2245-1439_631.pdf" title="fulltext PDF download">Web Archive [PDF]</a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.13052/jcsm2245-1439.631">Publisher / doi.org</a>

Botnet in DDoS Attacks: Trends and Challenges

Nazrul Hoque, Dhruba K. Bhattacharyya, Jugal K. Kalita
<span title="">2015</span> <i title="Institute of Electrical and Electronics Engineers (IEEE)"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/b4kxurpz5vbn7gog6wq32vliii" style="color: black;">IEEE Communications Surveys and Tutorials</a> </i> &nbsp;
Botnet-based DDoS attacks are catastrophic to the victim network as they can exhaust both network bandwidth and resources of the victim machine.  ...  A detailed discussion of several botnet architectures, tools developed using botnet architectures, and pros and cons analysis are also included.  ...  [124] propose a method called Phoenix to identify DGA-based botnets using IP-based features and find representatives of botnets from the groups of DGA-generated domains.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1109/comst.2015.2457491">doi:10.1109/comst.2015.2457491</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/oph4lgawmzbuvgygq4iagsr6eu">fatcat:oph4lgawmzbuvgygq4iagsr6eu</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20170808014417/http://www.cs.uccs.edu/~jkalita/papers/2015/HoqueNazrulEEETutorials&amp;Surveys2015.pdf" title="fulltext PDF download">Web Archive [PDF]</a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1109/comst.2015.2457491">ieee.com</a>

Learning detectors of malicious web requests for intrusion detection in network traffic [article]

Lukas Machlica and Karel Bartos and Michal Sofka
<span title="2017-02-08">2017</span> <i > arXiv </i> &nbsp; <span class="release-stage" >pre-print</span>
The detectors identify malicious communication exploiting encrypted URL strings and domains generated by a Domain Generation Algorithm (DGA), which are frequently used in Command and Control (C&C), phishing  ...  In addition, a comparison with a signature and rule-based solution shows that our system is able to detect a significant amount of new threats.  ...  , Geodo botnet and Emotet banking Trojan and legitimate domains.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1702.02530v1">arXiv:1702.02530v1</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/md4qbd55dvf3xc2nfeg2gygbcm">fatcat:md4qbd55dvf3xc2nfeg2gygbcm</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20191015031316/https://arxiv.org/pdf/1702.02530v1.pdf" title="fulltext PDF download">Web Archive [PDF]</a> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1702.02530v1" title="arxiv.org access">arxiv.org</a>

On the Security of Machine Learning in Malware C&C Detection

Joseph Gardiner, Shishir Nagaraja
<span title="2016-12-13">2016</span> <i title="Association for Computing Machinery (ACM)"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/eiea26iqqjcatatlgxdpzt637y" style="color: black;">ACM Computing Surveys</a> </i> &nbsp;
In particular, several approaches and techniques have been proposed to identify the command and control (C&C) channel that a compromised system establishes to communicate with its controller.  ...  As a consequence, an alternative line of work has focused on detecting and disrupting the individual steps that follow an initial compromise and are essential for the successful progression of the attack  ...  The system also contains an intelligence module that is able to track the evolution of IPs to which groups of domains point to monitor changes in botnet behavior. Fast Flux Detection.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/3003816">doi:10.1145/3003816</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/jmuklpr2bjamfgygu6rpi4ldmm">fatcat:jmuklpr2bjamfgygu6rpi4ldmm</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20161223170329/http://delivery.acm.org/10.1145/3010000/3003816/a59-gardiner.pdf?ip=27.64.34.46&amp;id=3003816&amp;acc=OPEN&amp;key=4D4702B0C3E38B35%2E4D4702B0C3E38B35%2E4D4702B0C3E38B35%2E6D218144511F3437&amp;CFID=879981059&amp;CFTOKEN=25006594&amp;__acm__=1482512843_65a020e8e09727f21b7a5d400c57d498" title="fulltext PDF download">Web Archive [PDF]</a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/3003816">acm.org</a>

Discovering Malicious Domains through Passive DNS Data Graph Analysis

Issa Khalil, Ting Yu, Bei Guan
<span title="">2016</span> <i title="ACM Press"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/rau5643b7ncwvh74y6p64hntle" style="color: black;">Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS &#39;16</a> </i> &nbsp;
The general approach is to build classifiers based on DNS-related local domain features.  ...  For the second challenge, we develop a graph-based inference technique over associated domains.  ...  While our approach is to detect unknown malicious domains, Phoenix is mainly concerned with tracking and intelligence beyond detection.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/2897845.2897877">doi:10.1145/2897845.2897877</a> <a target="_blank" rel="external noopener" href="https://dblp.org/rec/conf/ccs/KhalilYG16.html">dblp:conf/ccs/KhalilYG16</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/zfkatykcdbdmhbjle53lmqufrm">fatcat:zfkatykcdbdmhbjle53lmqufrm</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20190722174345/http://delivery.acm.org/10.1145/2900000/2897877/p663-khalil.pdf?ip=151.207.250.32&amp;id=2897877&amp;acc=ACTIVE%20SERVICE&amp;key=C15944E53D0ACA63%2E4D4702B0C3E38B35%2E4D4702B0C3E38B35%2E4D4702B0C3E38B35&amp;__acm__=1563817693_884fe774f9c640bf24e0763eadf4ef15" title="fulltext PDF download">Web Archive [PDF]</a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/2897845.2897877">acm.org</a>

deMSF: a Method for Detecting Malicious Server Flocks for Same Campaign

Yixin Li, Liming Wang, Jing Yang, Zhen Xu, Xi Luo
<span title="2020-10-30">2020</span> <i title="European Alliance for Innovation n.o."> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/sfw6e4bmgrh6rkjkiiddq77y3m" style="color: black;">EAI Endorsed Transactions on Security and Safety</a> </i> &nbsp;
Further, we extract the semantic vectors of servers based on word2vec and build a textCNN-based flocks classifier to recognize malicious flocks.  ...  Compared with a single server, employing multiple servers allows crimes to be more efficient and stealthy.  ...  Phoenix [25] is a mechanism using a combination of string and IP-based features to tell DGA and non-DGA domains apart. It can find groups of DGA domains that are representative of the respective botnets.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.4108/eai.21-6-2021.170236">doi:10.4108/eai.21-6-2021.170236</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/dm5zlb3ycva3ldrxtactgrbvhm">fatcat:dm5zlb3ycva3ldrxtactgrbvhm</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20210623051447/https://eudl.eu/pdf/10.4108/eai.21-6-2021.170236" title="fulltext PDF download">Web Archive [PDF]</a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.4108/eai.21-6-2021.170236">Publisher / doi.org</a>