Data source: crosbi

Fast-flux Botnet Detection Based on Traffic Response and Search Engines Creditworthiness (CROSBI ID 239019)

Journal article | original scientific paper | international peer review

Cafuta, Davor ; Sruk, Vlado ; Dodig, Ivica Fast-flux Botnet Detection Based on Traffic Response and Search Engines Creditworthiness // Tehnički vjesnik : znanstveno-stručni časopis tehničkih fakulteta Sveučilišta u Osijeku, 25 (2018), 2; 390-400. doi: 10.17559/TV-20161012115204

Responsibility data

Cafuta, Davor ; Sruk, Vlado ; Dodig, Ivica

English

Fast-flux Botnet Detection Based on Traffic Response and Search Engines Creditworthiness

Botnets are considered as the primary threats on the Internet and there have been many research efforts to detect and mitigate them. Today, Botnet uses a DNS technique fast-flux to hide malware sites behind a constantly changing network of compromised hosts. This technique is similar to trustworthy Round Robin DNS technique and Content Delivery Network (CDN). In order to distinguish the normal network traffic from Botnets different techniques are developed with more or less success. The aim of this paper is to improve Botnet detection using an Intrusion Detection System (IDS) or router. A novel classification method for online Botnet detection based on DNS traffic features that distinguish Botnet from a CDN based traffic is presented. Botnet features are classified according to the possibility of usage and implementation in an embedded system. Traffic response is analysed as a strong candidate for online detection. Its disadvantage lies in specific areas where CDN acts as a Botnet. A new feature based on search engine hits is proposed to improve the false positive detection. The experimental evaluations show that proposed classification could significantly improve Botnet detection. A procedure is suggested to implement such a system as a part of an IDS.

Botnet ; IDS ; fast-flux


Publication data

25 (2)

2018.

390-400

published

1330-3651

1848-6339

10.17559/TV-20161012115204

Related fields

Computing
