2016
DOI: 10.1002/sec.1495
|View full text |Cite
|
Sign up to set email alerts
|

Detecting domain‐flux botnet based on DNS traffic features in managed network

Abstract: Modern botnets such as Zeus and Conficker commonly utilize a technique called domain fluxing or a domain generation algorithm to generate a large number of pseudo‐random domain names (PDNs) dynamically for botnet operators to control their bots. These botnets are becoming one of the most serious threats to Internet security on a global scale. How to prevent their destructive action is one of the most pressing issues of today. In this paper, we focus on detecting domain‐flux botnets within the monitored network… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
41
0

Year Published

2018
2018
2021
2021

Publication Types

Select...
4
3

Relationship

0
7

Authors

Journals

citations
Cited by 38 publications
(41 citation statements)
references
References 25 publications
0
41
0
Order By: Relevance
“…Based on those results, other previous studies have attempted to distinguish between benign and malicious domains using only their character strings in manners similar to our approach. Truong et al [27] proposed a technique that learns and predicts character patterns using bigram models with supervised learning algorithms, and Anderson et al [28] extended this technique using character-level models with long short-term memory (LSTM) networks. Qiao et al [29] combined LSTM networks with attention mechanisms to give proper weight values to the characters in domain names.…”
Section: B Related Workmentioning
confidence: 99%
See 3 more Smart Citations
“…Based on those results, other previous studies have attempted to distinguish between benign and malicious domains using only their character strings in manners similar to our approach. Truong et al [27] proposed a technique that learns and predicts character patterns using bigram models with supervised learning algorithms, and Anderson et al [28] extended this technique using character-level models with long short-term memory (LSTM) networks. Qiao et al [29] combined LSTM networks with attention mechanisms to give proper weight values to the characters in domain names.…”
Section: B Related Workmentioning
confidence: 99%
“…Notably, the idea of using randomization to facilitate malware detection is not novel. Indeed, several studies based on this strategy have been reported [27], [28], [29], [30], [38], [39]. For example, Lin et al [38] proposed a method for decrypting malware communications for tracebacks to cybercriminals, while Wahab et al [39] proposed a method for detecting compromised virtual machines by monitoring behavior at the hypervisor level.…”
Section: Proposalmentioning
confidence: 99%
See 2 more Smart Citations
“…The system is leveraging on the knowledge of the life cycle of malicious domains, as well as the observation of resource re-use across different attacks. Another similar work by Truong & Cheng, where they proposed a method to detect Zeus and Conficker that utilizes domain fluxing by analyzing the extracted the DNS traffic length and expected value that can distinguish between a domain name, by a human or botnets [5]. Nguyen & Tran on the other hand, modeled user behaviors and applying heuristic analysis approach to mobile logs generated during device operation process [7].…”
Section: Related Workmentioning
confidence: 99%