A method for detecting DGA botnet based on semantic and cluster analysis

Authors: Van Tong, Giang Nguyen

DOI: 10.1145/3011077.3011112

Keywords:

Abstract: Botnets play a major role in a vast number of threats to network security, such as DDoS attacks, spam e-mail generation and information theft. Detecting them is a difficult task because of the complexity and performance issues involved in analyzing the huge amount of data produced by real large-scale networks. In botnet malware, the use of Domain Generation Algorithms (DGAs) lowers the chance of being detected by a whitelist/blacklist scheme, so DGA-based botnets have a higher survival rate. This paper proposes a detection method based on DNS traffic analysis that uses semantic measures (entropy, the meaning level of a domain name and the frequency of n-gram appearances) together with the Mahalanobis distance for domain classification. The proposed method is an improvement of the Phoenix botnet-tracking mechanism: in the classification phase a modified version is used instead of the original one, and in the clustering phase the k-means algorithm, achieving better effectiveness. The effectiveness was measured and compared with the Phoenix, Linguistic and SVM Light methods. Experimental results show that the accuracy ranges from 90% to 99.97% depending on the DGA type.
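The abstract names four ingredients (character entropy, a "meaning level" measure, n-gram appearance frequency, and a Mahalanobis distance to a benign reference set) without giving the formulas. The following Python is an added illustration of how such a feature-plus-Mahalanobis scorer fits together; it is not the paper's code and is not Phoenix. Everything concrete in it is an assumption: the vowel ratio stands in for the paper's unspecified "meaning level" measure, the bigram feature is the mean of log2(1 + count) over a benign bigram table, the benign reference labels are constructed, a small ridge keeps the covariance invertible, and the decision threshold is the square root of the chi-square(3) 0.99 quantile.

```python
"""Toy DGA scorer: entropy, vowel ratio and bigram frequency per domain label,
then the Mahalanobis distance of that feature vector from a benign reference set.
Added illustration only (not the paper's method); all constants are assumptions."""
import math
from collections import Counter

VOWELS = set("aeiou")

# Constructed benign reference labels (assumption). A deployment would take
# these from resolving second-level domains seen in the monitored DNS traffic.
BENIGN_REFERENCE = [
    "google", "facebook", "wikipedia", "amazon", "youtube", "microsoft",
    "netflix", "twitter", "reddit", "linkedin", "dropbox", "apple",
    "instagram", "spotify", "mozilla", "ubuntu", "debian", "cloudflare",
    "paypal", "ebay",
]


def second_level_label(domain):
    """'mail.google.com.' -> 'google'. Naive split; public-suffix handling
    (co.uk and friends) is out of scope for this illustration."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(label):
    """Character entropy in bits. Random labels score high for their length."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def vowel_ratio(label):
    """Stand-in for the paper's 'meaning level' measure (assumption):
    pronounceable, word-like labels keep vowels, random ones often do not."""
    return sum(ch in VOWELS for ch in label) / len(label)


class BigramFrequency:
    """Frequency of n-gram appearances (n = 2) relative to the benign set."""

    def __init__(self, labels):
        self.counts = Counter(g for lab in labels for g in self._bigrams(lab))

    @staticmethod
    def _bigrams(label):
        return [label[i:i + 2] for i in range(len(label) - 1)]

    def score(self, label):
        grams = self._bigrams(label)
        if not grams:
            return 0.0
        # log2(1 + count): unseen bigrams contribute 0, common ones more (assumption).
        return sum(math.log2(1 + self.counts[g]) for g in grams) / len(grams)


def _mean(rows):
    return [sum(col) / len(rows) for col in zip(*rows)]


def _covariance(rows, mu, ridge=1e-6):
    """Sample covariance plus a small ridge so the matrix is always invertible."""
    n, k = len(rows), len(mu)
    cov = [[0.0] * k for _ in range(k)]
    for r in rows:
        d = [r[i] - mu[i] for i in range(k)]
        for i in range(k):
            for j in range(k):
                cov[i][j] += d[i] * d[j] / (n - 1)
    for i in range(k):
        cov[i][i] += ridge
    return cov


def _invert(m):
    """Gauss-Jordan inverse with partial pivoting (pure Python, no numpy)."""
    n = len(m)
    a = [list(m[i]) + [1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(a[r][col]))
        if abs(a[pivot][col]) < 1e-12:
            raise ValueError("singular covariance matrix")
        a[col], a[pivot] = a[pivot], a[col]
        p = a[col][col]
        a[col] = [v / p for v in a[col]]
        for r in range(n):
            if r != col and a[r][col]:
                f = a[r][col]
                a[r] = [rv - f * cv for rv, cv in zip(a[r], a[col])]
    return [row[n:] for row in a]


class MahalanobisDomainClassifier:
    # sqrt(11.345), the chi-square(3 dof) 0.99 quantile: a benign label would
    # exceed it ~1% of the time if the features were Gaussian (assumption).
    THRESHOLD = 3.37

    def __init__(self, benign_labels):
        self.bigrams = BigramFrequency(benign_labels)
        rows = [self.features(lab) for lab in benign_labels]
        self.mean = _mean(rows)
        self.inv_cov = _invert(_covariance(rows, self.mean))

    def features(self, label):
        return [shannon_entropy(label), vowel_ratio(label), self.bigrams.score(label)]

    def distance_of_features(self, x):
        k = len(x)
        d = [x[i] - self.mean[i] for i in range(k)]
        d2 = sum(d[i] * self.inv_cov[i][j] * d[j] for i in range(k) for j in range(k))
        return math.sqrt(max(d2, 0.0))

    def distance(self, domain):
        return self.distance_of_features(self.features(second_level_label(domain)))

    def is_dga(self, domain):
        return self.distance(domain) > self.THRESHOLD


def build_reference_classifier():
    return MahalanobisDomainClassifier(BENIGN_REFERENCE)


if __name__ == "__main__":
    clf = build_reference_classifier()
    for d in ["github.com", "mail.google.com", "xkqzwvjtp.com", "q7h3vz2kd9.net"]:
        print(f"{d:18s} distance={clf.distance(d):6.2f} dga={clf.is_dga(d)}")
```

Two caveats a practitioner would keep in mind: the benign labels used to build the bigram table are also the ones the covariance is fitted on, so their own bigram scores are inflated (a leave-one-out fit or a separate corpus fixes that), and raw entropy grows with label length, so long legitimate names such as "stackoverflow" score high on that single feature and rely on the other two to pull them back.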

References (10)
Stefano Schiavoni, Federico Maggi, Lorenzo Cavallaro, Stefano Zanero. Phoenix: DGA-Based Botnet Tracking and Intelligence. International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 192-211 (2014). DOI: 10.1007/978-3-319-08509-8_11
Ying Zhang, Yongzheng Zhang, Jun Xiao. Detecting the DGA-Based Malicious Domain Names. International Conference on Trustworthy Computing and Services, pp. 130-137 (2013). DOI: 10.1007/978-3-662-43908-1_17
Abebe Tesfahun, D. Lalitha Bhaskari. Botnet Detection and Countermeasures: A Survey (2013).
C. Manikopoulos, S. Papavassiliou. Network intrusion and fault detection: a statistical anomaly approach. IEEE Communications Magazine, vol. 40, pp. 76-82 (2002). DOI: 10.1109/MCOM.2002.1039860
Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis. A multifaceted approach to understanding the botnet phenomenon. Internet Measurement Conference, pp. 41-52 (2006). DOI: 10.1145/1177080.1177086
Arno Wagner, Bernhard Plattner. Entropy Based Worm and Anomaly Detection in Fast IP Networks. 14th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprise (WETICE'05), pp. 172-177 (2005). DOI: 10.1109/WETICE.2005.35
Etienne Stalmans, Barry Irwin. A framework for DNS based detection and mitigation of malware infections on a network. Information Security for South Africa, pp. 1-8 (2011). DOI: 10.1109/ISSA.2011.6027531
Sandeep Yadav, Ashwath Kumar Krishna Reddy, A. L. Narasimha Reddy, Supranamaya Ranjan. Detecting algorithmically generated malicious domain names. Internet Measurement Conference, pp. 48-61 (2010). DOI: 10.1145/1879141.1879148
Yonglin Zhou, Qing-shan Li, Qidi Miao, Kangbin Yim. DGA-Based Botnet Detection Using DNS Traffic. Journal of Internet Services and Information Security, vol. 3, pp. 116-123 (2013).
Chao Li, Wei Jiang, Xin Zou. Botnet: Survey and Case Study. International Conference on Innovative Computing, Information and Control, pp. 1184-1187 (2009). DOI: 10.1109/ICICIC.2009.127