Detecting Active Bot Networks Based on DNS Traffic Analysis
نویسندگان
چکیده مقاله:
Abstract—One of the serious threats to cyberspace is the Bot networks or Botnets. Bots are malicious software that acts as a network and allows hackers to remotely manage and control infected computer victims. Given the fact that DNS is one of the most common protocols in the network and is essential for the proper functioning of the network, it is very useful for monitoring, detecting and reducing the activity of the Botnets. DNS queries are sent in the early stages of the life cycle of each Botnet, so infected hosts are identified before any malicious activity is performed. Because the exchange of information in the network environment and the volume of information is very high, Storing and indexing this massive data requires a large database. By using the DNS traffic analysis, we try to identify the Botnets. We used the data generated from the network traffic and information of known Botnets with the Splunk platform to conduct data analysis to quickly identify attacks and predict potential dangers that could arise. The analysis results were used in tests conducted on real network environments to determine the types of attacks. Visual IP mapping was then used to determine actions that could be taken. The proposed method is capable of recognizing known and unknown Bots.
منابع مشابه
Detecting Bot Networks Based On HTTP And TLS Traffic Analysis
Abstract— Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detecting of infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly enga...
متن کاملDetecting Botnet Activities Based on Abnormal DNS traffic
The botnet is considered as a critical issue of the Internet due to its fast growing mechanism and affect. Recently, Botnets have utilized the DNS and query DNS server just like any legitimate hosts. In this case, it is difficult to distinguish between the legitimate DNS traffic and illegitimate DNS traffic. It is important to build a suitable solution for botnet detection in the DNS traffic an...
متن کاملAn Fpga-based System for Detecting Malicious Dns Network Traffic
Billions of packets traverse computer networks every day. Often, these packets have legitimate destinations such as buying a book at amazon.com or streaming a video. Unfortunately, malicious and suspicious network traffic continues to plague the Internet. One example is abusing the Domain Name System (DNS) protocol to exfiltrate sensitive data, establish backdoor tunnels, or control botnets. To...
متن کاملBotnet Malicious Activity Detection Based on DNS Traffic Analysis
In the field of internet security botnet is becoming the significant threat as more number of users are connected to internet. Botnet which is a collection of infected computers so called (bots) are becoming the major threat to internet community. The difference between a malware and botnet is that bot is remotely controlled by a C&C server which are under the control of a botmaster. Here in th...
متن کاملDetecting BOT Victim in Client Networks
In this paper we discuss my research in detecting bot victim in client networks. Botnets are collections of Internet hosts (―bots‖) that, through malware infection, have fallen under the control of a single entity (―botmaster‖). Botnets perform network scanning for different reasons: propagation, enumeration, penetration. One common type of scanning, called ―horizontal scanning,‖ systematically...
متن کاملAn FPGA System for Detecting Malicious DNS Network Traffic
Billions of legitimate packets traverse computer networks every day. Unfortunately, malicious traffic also traverses these same networks. An example is traffic that abuses the Domain Name System (DNS) protocol to exfiltrate sensitive data, establish backdoor tunnels or control botnets. This paper describes the TRAPP-2 system, an extended version of the Tracking and Analysis for Peer-to-Peer (TR...
متن کاملمنابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ذخیره در منابع من قبلا به منابع من ذحیره شده{@ msg_add @}
عنوان ژورنال
دوره 5 شماره 3
صفحات 129- 138
تاریخ انتشار 2019-08-01
با دنبال کردن یک ژورنال هنگامی که شماره جدید این ژورنال منتشر می شود به شما از طریق ایمیل اطلاع داده می شود.
میزبانی شده توسط پلتفرم ابری doprax.com
copyright © 2015-2023