Abstract
A technique for botnet detection based on DNS traffic is developed. Detection relies on the group activity of bots in DNS traffic: within a short period of time, hosts issue group DNS queries while trying to reach the C&C servers, migrating, running commands, or downloading malware updates. The method takes into account abnormal behavior of host groups that resembles botnet behavior: the group does not honor DNS TTL and sends DNS queries to non-local DNS servers. The method also monitors large numbers of empty DNS responses with the NXDOMAIN error code. The proposed technique is able to detect botnets with high efficiency.
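The three host anomalies and the group-activity idea from the abstract can be sketched as follows. This is an added example, not the paper's algorithm: the record layout, window size, group threshold and all addresses and names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample log: (time_s, client, resolver, qname, rcode, ttl_s)
SAMPLE = [
    (0,  "10.0.0.5", "10.0.0.1",      "kq3vz.example",    "NXDOMAIN", 0),
    (1,  "10.0.0.6", "10.0.0.1",      "kq3vz.example",    "NXDOMAIN", 0),
    (2,  "10.0.0.7", "198.51.100.53", "kq3vz.example",    "NXDOMAIN", 0),
    (3,  "10.0.0.5", "10.0.0.1",      "cc.example",       "NOERROR",  300),
    (4,  "10.0.0.6", "10.0.0.1",      "cc.example",       "NOERROR",  300),
    (5,  "10.0.0.9", "10.0.0.1",      "intranet.example", "NOERROR",  3600),
    (20, "10.0.0.5", "10.0.0.1",      "cc.example",       "NOERROR",  300),
]

def host_anomalies(records, local_resolvers):
    """Per-client counts of the three anomalies named in the abstract."""
    stats = defaultdict(lambda: {"nxdomain": 0, "non_local": 0, "ttl_ignored": 0})
    valid_until = {}  # (client, qname) -> time the last answer's TTL expires
    for ts, client, resolver, qname, rcode, ttl in sorted(records):
        s = stats[client]
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
        if resolver not in local_resolvers:
            s["non_local"] += 1
        if ts < valid_until.get((client, qname), 0):
            s["ttl_ignored"] += 1  # re-query while the answer should be cached
        if rcode == "NOERROR":
            valid_until[(client, qname)] = ts + ttl
    return dict(stats)

def group_activity(records, local_resolvers, window=10, min_hosts=3):
    """Names queried by >= min_hosts anomalous clients inside one time window.

    Fixed windows are an assumption; a group that straddles a window
    boundary is split, so a sliding window would be stricter.
    """
    anomalous = {c for c, s in host_anomalies(records, local_resolvers).items()
                 if any(s.values())}
    buckets = defaultdict(set)
    for ts, client, _resolver, qname, _rcode, _ttl in records:
        if client in anomalous:
            buckets[(qname, ts // window)].add(client)
    return {k: sorted(v) for k, v in buckets.items() if len(v) >= min_hosts}

if __name__ == "__main__":
    print(host_anomalies(SAMPLE, {"10.0.0.1"}))
    print(group_activity(SAMPLE, {"10.0.0.1"}))
```

Clients without a local stub cache re-query legitimately, so the TTL counter is a signal to combine with the others rather than a verdict on its own.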
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Pomorova, O., Savenko, O., Lysenko, S., Kryshchuk, A., Bobrovnikova, K. (2015). A Technique for the Botnet Detection Based on DNS-Traffic Analysis. In: Gaj, P., Kwiecień, A., Stera, P. (eds) Computer Networks. CN 2015. Communications in Computer and Information Science, vol 522. Springer, Cham. https://doi.org/10.1007/978-3-319-19419-6_12
DOI: https://doi.org/10.1007/978-3-319-19419-6_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19418-9
Online ISBN: 978-3-319-19419-6
eBook Packages: Computer Science, Computer Science (R0)