Identifying Fast-Flux Botnet With AGD Names at the Upper DNS Hierarchy
Similar resources
Detecting Malware Domains at the Upper DNS Hierarchy
In recent years Internet miscreants have been leveraging the DNS to build malicious network infrastructures for malware command and control. In this paper we propose a novel detection system called Kopis for detecting malware-related domain names. Kopis passively monitors DNS traffic at the upper levels of the DNS hierarchy, and is able to accurately detect malware domains by analyzing global D...
Botnet Detection with DNS Monitoring
Botnets are today the universal tool for malicious activities in the Internet. They can send out spam messages, host fairly redundant malicious webpages, perform DDoS attacks and do much more. Of course, researchers have therefore been trying to effectively find and shut down botnets as quickly as possible. The Domain Name System has become an important part of such botnets, for both the botmas...
Measurements and Laboratory Simulations of the Upper DNS Hierarchy
Given that the global DNS system, especially at the higher root and top-levels, experiences significant query loads, we seek to answer the following questions: (1) How does the choice of DNS caching software for local resolvers affect query load at the higher levels? (2) How do DNS caching implementations spread the query load among a set of higher level DNS servers? To answer these questions w...
Botnet Detection Using Passive DNS
The Domain Name System (DNS) is a distributed naming system fundamental for the normal operation of the Internet. It provides a mapping between user-friendly domain names and IP addresses. Cyber criminals use the flexibility provided by the DNS to deploy certain techniques that allow them to hide the Command and Control (CnC) servers used to manage their botnets and frustrate the detection effo...
DGA-Based Botnet Detection Using DNS Traffic
In recent years, an increasing number of botnets use Domain Generation Algorithms (DGAs) to bypass botnet detection systems. DGAs, also referred to as “domain fluxing”, have been used since 2004 for botnet controllers, and have now become an emerging trend for malware. It can dynamically and frequently generate a large number of random domain names which are used to prevent security systems from detecti...
Journal
Journal title: IEEE Access
Year: 2018
ISSN: 2169-3536
DOI: 10.1109/access.2018.2880884