Abstract
A new information technology for botnet detection, based on analysis of the botnets' behaviour in the corporate area network, is proposed. Botnet detection is performed by combining two approaches: network-level and host-level analysis. The first makes it possible to analyze the behaviour of software on the host, which may indicate the presence of a bot directly on that host and identify the malicious software; the second involves monitoring and analyzing DNS traffic, which allows conclusions to be drawn about which network hosts are infected with a bot of the botnet. Based on this information technology, an effective botnet detection tool, BotGRABBER, was constructed. It is able to detect bots that use evasion techniques such as cycling of IP mapping, "domain flux", "fast flux" and DNS tunneling. Usage of the developed system makes it possible to detect hosts infected by bots of the botnets with high efficiency.
Acknowledgments
This research was supported by a TEMPUS SEREIN project (Project reference number 543968-TEMPUS-1-2013-1-EE-TEMPUS-JPCP). Additionally, we thank the Khmelnytsky National University for providing access to the DNS-traffic during the early phases of this work.
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Lysenko, S., Savenko, O., Bobrovnikova, K., Kryshchuk, A., Savenko, B. (2017). Information Technology for Botnets Detection Based on Their Behaviour in the Corporate Area Network. In: Gaj, P., Kwiecień, A., Sawicki, M. (eds) Computer Networks. CN 2017. Communications in Computer and Information Science, vol 718. Springer, Cham. https://doi.org/10.1007/978-3-319-59767-6_14
DOI: https://doi.org/10.1007/978-3-319-59767-6_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59766-9
Online ISBN: 978-3-319-59767-6
eBook Packages: Computer Science (R0)