Malicious Automatically Generated Domain Name Detection Using Stateful-SBB

Haddadi, Fariba; Kayacık, H. Güneş; Zincir-Heywood, A. Nur; Heywood, Malcolm I.

doi:10.1007/978-3-642-37192-9_53

Cited by 9 publications

(4 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some of the works in the literature proposed specific packet analysis methods to detect botnet behaviour . These systems have focussed on specific packets and features from the header and/or payload sections of these packets to identify the type of malware they are interested in.…”

Section: Methodsmentioning

confidence: 99%

“…These systems have focussed on specific packets and features from the header and/or payload sections of these packets to identify the type of malware they are interested in. For example, Haddadi et al extracted the domain name from the DNS packets to detect automatically generated malicious domain names while Mohaisen et al introduced a set of features focussing on the Zeus botnet. The features introduced by Mohaisen et al based on a priori knowledge are used in the evaluations of the proposed packet payload–based system.…”

Section: Methodsmentioning

confidence: 99%

“…Some of the works in the literature proposed specific packet analysis methods to detect botnet behaviour. 20,27 These systems have focussed on specific packets and features from the header and/or payload sections of these packets to identify the type of malware they are interested in. For example, Haddadi et al 27 extracted the domain name from the DNS packets to detect automatically generated malicious domain names while Mohaisen et al 26 Table 1 presents the selected features for this approach.…”

Section: Packet Payload-based Systemmentioning

confidence: 99%

See 2 more Smart Citations

Botnet behaviour analysis: How would a data analytics‐based system with minimum a priori information perform?

Haddadi

Zincir-Heywood

2017

Int J Network Mgmt

Self Cite

View full text Add to dashboard Cite

Summary Botnets, as one of the most aggressive threats, has used different techniques, topologies, and communication protocols in different stages of their lifecycle since 2003. Hence, identifying botnets has become very challenging specifically given that they can upgrade their methodology at any time. Various detection approaches have been proposed by the cyber‐security researchers, focusing on different aspects of these threats. In this work, 5 different botnet detection approaches are investigated. These systems are selected based on the technique used and type of data used where 2 are public rule–based systems (BotHunter and Snort) and the other 3 use machine learning algorithm with different feature extraction methods (packet payload based and traffic flow based). On the other hand, 4 of these systems are based on a priori knowledge while one is using minimum a priori information. The objective in this analysis is to evaluate the effectiveness of these approaches under different scenarios (eg, multi‐botnet and single‐botnet classifications) as well as exploring how a system with minimum a priori information would perform. The goal is to investigate if a system with minimum a priori information could result in a competitive performance compared to systems using a priori knowledge. The evaluation is shown on 24 publicly available botnet data sets. Results indicate that a machine learning–based system with minimum a priori information not only achieves a very high performance but also generalizes much better than the other systems evaluated on a wide range of botnet structures (from centralized to decentralized botnets).

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Section: Packet Payload-based Systemmentioning

confidence: 99%

See 1 more Smart Citation

Botnet behaviour analysis: How would a data analytics‐based system with minimum a priori information perform?

Haddadi

Zincir-Heywood

2017

Int J Network Mgmt

Self Cite

View full text Add to dashboard Cite

show abstract

“…Haddadi et. al.,[4] suggest an evolutionary computation technique based on Stateful-SBB to detect malicious botnet. Shi et.…”

mentioning

confidence: 99%

LSTM Network Based Malicious Domain Name Detection

Josan*,

Kaur

2019

IJEAT

View full text Add to dashboard Cite

Detecting malicious domain names attract lot of research in recent years. Researchers tried various text based, network traffic based and combination of these methods to detect malicious names. In this paper, we analyze the possibility of detection malicious names using deep neural network based models. Bidirectional LSTM network has been developed and trained on the dataset. Two tasks were experimented. First task was to identify malicious domain name and second task was to identify the class of domain name. Proposed method is able to perform well on task 1 producing 98.9% accuracy whereas on task 2 it is able to achieve accuracy of 69.7% only.

show abstract

Malicious Domain Name Recognition Based on Deep Neural Networks

Yan

Cui

2018

Security, Privacy, and Anonymity in Computation, Communication, and Storage

View full text Add to dashboard Cite

Malicious Automatically Generated Domain Name Detection Using Stateful-SBB

Cited by 9 publications

References 8 publications

Botnet behaviour analysis: How would a data analytics‐based system with minimum a priori information perform?

Botnet behaviour analysis: How would a data analytics‐based system with minimum a priori information perform?

LSTM Network Based Malicious Domain Name Detection

Malicious Domain Name Recognition Based on Deep Neural Networks

Contact Info

Product

Resources

About