BOTNET Detection Approach by DNS Behavior and Clustering Analysis
نویسندگان
چکیده
Botnets are one of the most serious threats to internet security. A botnet is a network of computers on internet which are under the influence of a malware code, oblivious to the owner of that computer and sends out transmissions (virus or spam) to other computers on internet. Botnet can be utilized for DoS attacks, phishing, spamming and many other fraudulent activities. Therefore, it is important to detect botnets. In this paper we will describe the strategy for botnet detection by detecting the fast flux characteristics of a botnet. Through fast flux bot-master DNS uses different IP addresses so that no one would be able to detect the actual physical location of the server of the botnet. Thus, in our approach we are using K-means clustering to the DNS data to detect the fast flux.
منابع مشابه
Botnet Malicious Activity Detection Based on DNS Traffic Analysis
In the field of internet security botnet is becoming the significant threat as more number of users are connected to internet. Botnet which is a collection of infected computers so called (bots) are becoming the major threat to internet community. The difference between a malware and botnet is that bot is remotely controlled by a C&C server which are under the control of a botmaster. Here in th...
متن کاملDetecting Botnet Activities Based on Abnormal DNS traffic
The botnet is considered as a critical issue of the Internet due to its fast growing mechanism and affect. Recently, Botnets have utilized the DNS and query DNS server just like any legitimate hosts. In this case, it is difficult to distinguish between the legitimate DNS traffic and illegitimate DNS traffic. It is important to build a suitable solution for botnet detection in the DNS traffic an...
متن کاملBotOnus: an online unsupervised method for Botnet detection
Botnets are recognized as one of the most dangerous threats to the Internet infrastructure. They are used for malicious activities such as launching distributed denial of service attacks, sending spam, and leaking personal information. Existing botnet detection methods produce a number of good ideas, but they are far from complete yet, since most of them cannot detect botnets in an early stage ...
متن کاملBotnet Detection Through Fine Flow Classification
The prevalence of botnets, which is defined as a group of infected machines, have become the predominant factor among all the internet malicious attacks such as DDoS, Spam, and Click fraud. The number of botnets is steadily increasing, and the characteristic C&C channels have evolved from IRC to HTTP, FTP, and DNS, etc., and from the centralized structure to P2P and Fast Flux Network Services. ...
متن کاملPsyBoG: A scalable botnet detection method for large-scale DNS traffic
Domain Name System (DNS) traffic has become a rich source of information from a security perspective. However, the volume of DNS traffic has been skyrocketing, such that security analyzers experience difficulties in collecting, retrieving, and analyzing the DNS traffic in response to modern Internet threats. More precisely, much of the research relating to DNS has been negatively affected by th...
متن کامل