2018
DOI: 10.1109/access.2018.2880884

Identifying Fast-Flux Botnet With AGD Names at the Upper DNS Hierarchy

Cited by 14 publications
(5 citation statements)
References 20 publications
“…Table 3 presents a comparison between the proposed PASSVM system, which is based on SVM with RBF kernel, with the state-of-the-art mechanisms for fast flux detection. The mechanisms include GRADE [42], FF-Hunter [12], FluxBuster [43] and [39]. The comparison criteria are based on whether the detection is performed online or offline, the capability of performing a detection based on a single DNS record, the time for training and testing, the accuracy, and the used memory that were reported by the authors of the methods.…”
Section: Comparison With the State-of-the-art | Citation type: mentioning
confidence: 99%
“…This requires performing traceroute and real-time measurement of the round trip time for all of the records, which incurs high overhead and has a major problem of possible failure due to filtering of the ICMP messages. The system proposed in [39] analyzes live traffic that is collected from the upper DNS hierarchy by applying literal composition to identify DGA-generated domains. Then it clusters the domains based on their literal features and the edit-distance.…”
Section: Comparison With the State-of-the-art | Citation type: mentioning
confidence: 99%
“…Some approaches identify infected network nodes by monitoring the DNS traffic and/or the behavior of groups of machines. For example, in [22]-[25] anomaly-based botnet detection mechanisms are proposed by monitoring group activities in DNS traffic of a specific network. Some work focuses on a specific type of attack.…”
Section: Related Work | Citation type: mentioning
confidence: 99%
“…This communication must preserve some degree of unlinkability to thwart any attempts to identify the botmaster. To ensure unlinkability and as a counter-measure against take-down mechanisms, botnets frequently make use of domain fluxing [37,59] through Domain Generation Algorithms (DGAs). DGAs produce a vast amount of domain names, which bots try to communicate with iteratively to find the actual C&C server.…”
Section: Introduction | Citation type: mentioning
confidence: 99%