A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2014; you can also visit the original URL.
The file type is application/pdf.
Winning with DNS Failures: Strategies for Faster Botnet Detection
[chapter]
2012
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Botnets such as Conficker and Torpig utilize high entropy domains for fluxing and evasion. Bots may query a large number of domains, some of which may fail. In this paper, we present techniques where the failed domain queries (NXDOMAIN) may be utilized for: (i) Speeding up the present detection strategies which rely only on successful DNS domains. (ii) Detecting Command and Control (C&C) server addresses through features such as temporal correlation and information entropy of both successful
doi:10.1007/978-3-642-31909-9_26
fatcat:upg7jzxtxjhf3ars4chpvqtovu