Towards active measurement for DNS query behavior of botnets

Authors: Xiaobo Ma, Jianfeng Li, Jing Tao, Xiaohong Guan

DOI: 10.1109/GLOCOM.2012.6503218

Keywords:

Abstract: Domain names play an increasingly important role in botnet activities. Traditionally, DNS traces from several local servers are used passively to measure query behavior. However, since botnets are a wide-scale threat and usually reside in geographically dispersed networks, the vantage point of is sometimes too small to help us understand the behavior (e.g., whether queried or not, average rate) of botnets. In this paper, we actively networks via a cache probing technique. We first analytically characterize how multiple domain by different under certain circumstances. Then, real samples wild gain insight into 480 globally, and show that our analytical characterization well describes samples. The active measurement technique can acquire extensive information and thus potentially facilitate various DNS-related research applications.

References (15)
Moheeb Abu Rajab, Fabian Monrose, Andreas Terzis, Niels Provos. "Peeking through the cloud: DNS-based estimation and its applications." Applied Cryptography and Network Security, pp. 21-38 (2008). DOI: 10.1007/978-3-540-68914-0_2
David Dagon, Chris Lee, Wenke Lee, Niels Provos. "Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority." Network and Distributed System Security Symposium (2008).
Jose Andre Morales, Areej Al-Bataineh, Shouhuai Xu, Ravi Sandhu. "Analyzing DNS activities of bot processes." International Conference on Malicious and Unwanted Software, pp. 98-103 (2009). DOI: 10.1109/MALWARE.2009.5403014
Xuebiao Yuchi, Xin Wang, Xiaodong Li, Baoping Yan. "DNS Measurements at the .CN TLD Servers." Fuzzy Systems and Knowledge Discovery, vol. 7, pp. 540-545 (2009). DOI: 10.1109/FSKD.2009.12
David Dagon, Wenke Lee. "Global Internet Monitoring Using Passive DNS." 2009 Cybersecurity Applications & Technology Conference for Homeland Security, pp. 163-168 (2009). DOI: 10.1109/CATCH.2009.48
N. Brownlee, K.C. Claffy, E. Nemeth. "DNS measurements at a root server." Global Communications Conference, vol. 3, pp. 1672-1676 (2001). DOI: 10.1109/GLOCOM.2001.965864
Roberto Perdisci, Igino Corona, David Dagon, Wenke Lee. "Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces." Annual Computer Security Applications Conference, pp. 311-320 (2009). DOI: 10.1109/ACSAC.2009.36
Nan Jiang, Jin Cao, Yu Jin, Li Erran Li, Zhi-Li Zhang. "Identifying suspicious activities through DNS failure graph analysis." International Conference on Network Protocols, pp. 144-153 (2010). DOI: 10.1109/ICNP.2010.5762763
Hüseyin Akcan, Torsten Suel, Hervé Brönnimann. "Geographic web usage estimation by monitoring DNS caches." Proceedings of the First International Workshop on Location and the Web (LOCWEB '08), pp. 85-92 (2008). DOI: 10.1145/1367798.1367813
Xin Hu, Matthew Knysz, Kang G. Shin. "Measurement and analysis of global IP-usage patterns of fast-flux botnets." International Conference on Computer Communications, pp. 2633-2641 (2011). DOI: 10.1109/INFCOM.2011.5935091