Identifying botnets by capturing group activities in DNS traffic

Authors: Hyunsang Choi, Heejo Lee

DOI: 10.1016/J.COMNET.2011.07.018

Keywords:

Abstract: Botnets have become the main vehicle to conduct online crimes such as DDoS, spam, phishing and identity theft. Even though numerous efforts have been directed towards the detection of botnets, evolving evasion techniques easily thwart detection. Moreover, existing approaches can be overwhelmed by the large amount of data that needs to be analyzed. In this paper, we propose a light-weight mechanism to detect botnets using their fundamental characteristic, i.e., group activity. The proposed mechanism, referred to as BotGAD (botnet group activity detector), needs only a small amount of data from the DNS traffic of a botnet, not all network content or known signatures. It works on large-scale networks in real time, even when the botnet performs encrypted communications, and it detects botnets that adopt recent evasion techniques. We evaluate BotGAD on multiple DNS traces collected from different sources, including campus and ISP networks. The evaluation shows that BotGAD detects botnets automatically while providing monitoring at large scale.

References (46)
David Dagon, Cliff Changchun Zou, Wenke Lee. Modeling Botnet Propagation Using Time Zones. Network and Distributed System Security Symposium (NDSS), 2006.
Felix C. Freiling, Konrad Rieck, Christian Gorecki, Thorsten Holz. Measuring and Detecting Fast-Flux Service Networks. Network and Distributed System Security Symposium (NDSS), 2008.
Nick Feamster, Alexander G. Gray, Nadeem Ahmed Syed, Shuang Hao, Sven Krasser. Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine. USENIX Security Symposium, pp. 101-118, 2009.
D. Kevin McGrath, Minaxi Gupta. Behind Phishing: An Examination of Phisher Modi Operandi. LEET'08: Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats, pp. 4-, 2008.
Matthew Knysz, Kang G. Shin, Xin Hu. RB-Seeker: Auto-detection of Redirection Botnets. Network and Distributed System Security Symposium (NDSS), 2009.
Roberto Perdisci, David Dagon, Manos Antonakakis, Nick Feamster, Wenke Lee. Building a Dynamic Reputation System for DNS. USENIX Security Symposium, pp. 18-18, 2010.
Chris Meek, Scott Wen-tau Yih. Learning Vector Representations for Similarity Measures. 2010.
David Dagon, Chris Nunnery, Vikram Sharma, Brent ByungHoon Kang, Julian B. Grizzard. Peer-to-peer Botnets: Overview and Case Study. Workshop on Hot Topics in Understanding Botnets, pp. 1-1, 2007.
Vinod Yegneswaran, Guofei Gu, Wenke Lee, Martin Fong, Phillip Porras. BotHunter: Detecting Malware Infection Through IDS-driven Dialog Correlation. USENIX Security Symposium, pp. 12-, 2007.
Alexander Moshchuk, Steven D. Gribble, Arvind Krishnamurthy, John P. John. Studying Spamming Botnets Using Botlab. Networked Systems Design and Implementation (NSDI), pp. 291-306, 2009.