Botnet Detection with DNS Monitoring
Authors
Abstract
Botnets are today the universal tool for malicious activities on the Internet. They can send out spam messages, host fairly redundant malicious webpages, perform DDoS attacks and do much more. Researchers have therefore been trying to effectively find and shut down botnets as quickly as possible. The Domain Name System has become an important part of such botnets, for both the botmaster and the defender. It enables botmasters to hide their content servers via fast-flux, and it also offers a good way to communicate with the Command and Control server in the background with the help of Domain Generation Algorithms. This paper gives an overview of recent developments in the field of detecting botnets with the help of the Domain Name System and evaluates the different solutions in terms of required input, practicability, efficiency and privacy.
Similar resources
Detection of fast-flux botnets through DNS traffic analysis
Botnets are networks built up of a large number of bot computers, which provide the attacker with massive resources, such as bandwidth, storage, and processing power, in turn, allowing the attacker to launch massive attacks, such as Distributed Denial of Service (DDoS) attacks, or undertake spamming or phishing campaigns. One of the main approaches for botnet detection is based on monitoring an...
Detecting Botnet Activities Based on Abnormal DNS traffic
The botnet is considered as a critical issue of the Internet due to its fast growing mechanism and effect. Recently, botnets have utilized the DNS and query DNS servers just like any legitimate hosts. In this case, it is difficult to distinguish between the legitimate DNS traffic and illegitimate DNS traffic. It is important to build a suitable solution for botnet detection in the DNS traffic an...
Botnet Detection Through Fine Flow Classification
The prevalence of botnets, which are defined as groups of infected machines, has become the predominant factor among all malicious Internet attacks such as DDoS, spam, and click fraud. The number of botnets is steadily increasing, and the characteristic C&C channels have evolved from IRC to HTTP, FTP, and DNS, etc., and from the centralized structure to P2P and Fast Flux Network Services. ...
RB-Seeker: Auto-detection of Redirection Botnets
A Redirection Botnet (RBnet) is a vast collection of compromised computers (called bots) used as a redirection/proxy infrastructure and under the control of a botmaster. We present the design, implementation and evaluation of a system called Redirection Botnet Seeker (RB-Seeker) for automatic detection of RBnets by utilizing three cooperating subsystems. Two of the subsystems are used to genera...
Botnet Malicious Activity Detection Based on DNS Traffic Analysis
In the field of internet security, the botnet is becoming a significant threat as more users are connected to the internet. Botnets, which are collections of infected computers (so-called bots), are becoming a major threat to the internet community. The difference between malware and a botnet is that a bot is remotely controlled by a C&C server which is under the control of a botmaster. Here in th...
Identifying botnets by capturing group activities in DNS traffic
Botnets have become the main vehicle to conduct online crimes such as DDoS, spam, phishing and identity theft. Even though numerous efforts have been directed towards detection of botnets, evolving evasion techniques easily thwart detection. Moreover, existing approaches can be overwhelmed by the large amount of data needed to be analyzed. In this paper, we propose a light-weight mechanism to d...