Botnet detection using graph-based feature clustering

Botnet Detection using Clustering Algorithms

In this paper, some clustering techniques are analyzed to compare their ability to detect botnet traffic by selecting features that distinguish connections belonging to or not belonging to a botnet. By considering the history of network’s connections, some clustering algorithms are used to derive a set of rules to decide which should be considered as a botnet. Our main contribution is to evalua...

DGA-Based Botnet Detection Using DNS Traffic

In recent years, an increasing number of botnets use Domain Generation Algorithms (DGAs) to bypass botnet detection systems. DGAs, also referred as “domain fluxing”, has been used since 2004 for botnet controllers, and now become an emerging trend for malware. It can dynamically and frequently generate a large number of random domain names which are used to prevent security systems from detecti...

Botnet Detection Using Passive DNS

The Domain Name System (DNS) is a distributed naming system fundamental for the normal operation of the Internet. It provides a mapping between user-friendly domain names and IP addresses. Cyber criminals use the flexibility provided by the DNS to deploy certain techniques that allow them to hide the Command and Control (CnC) servers used to manage their botnets and frustrate the detection effo...

Detection of feature freezes using clustering algorithms

BotRevealer: Behavioral Detection of Botnets based on Botnet Life-cycle

Nowadays, botnets are considered as essential tools for planning serious cyberattacks. Botnets are used to perform various malicious activities such as DDoSattacks and sending spam emails. Different approaches are presented to detectbotnets; however most of them may be ineffective when there are only a fewinfected hosts in monitored network, as they rely on similarity in...