DGA botnet detection utilizing social network analysis

Tzy Shiah Wang, Chih Sheng Lin, Hui Tang Lin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

Botnets are one of the major threats to network security. A botnet can launch attacks by stealing information, phishing sites, sending spam mail and setting up distributed denial of service (DDoS). Some botnets called Domain Generation Algorithm (DGA) Botnets apply a domain generation algorithm to avoid being detected by the traditional blacklist detection scheme. Using a domain generation algorithm, a DGA bot periodically generates a huge list of candidate Command and Control server (C&C) domains. The bot then attempts to connect to the C&C server by querying DNS servers for the domains on the list one by one until it connects to an existing C&C server. By doing this, DGA botnets become very elusive and difficult to detect by traditional defending systems and thus have high survivability. To resolve this issue, this study proposes a DGA botnet detection mechanism utilizing the feature-based characteristics of social networks. The effectiveness of this mechanism was measured by implementing it in a campus network environment and observing it over eighteen months. The most interesting finding of this experiment is a new class of DGA botnet with a query pattern that has not been detected before. The results show that the proposed mechanism has the ability to accurately and effectively detect both well-known and new malicious DGA botnets in real-world networks.

Original languageEnglish
Title of host publicationProceedings - 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages333-336
Number of pages4
ISBN (Electronic)9781509030712
DOIs
Publication statusPublished - 2016 Aug 16
Event2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016 - Xi'an, China
Duration: 2016 Jul 42016 Jul 6

Publication series

NameProceedings - 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016

Other

Other2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016
CountryChina
CityXi'an
Period16-07-0416-07-06

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Computer Networks and Communications
  • Computer Science Applications
  • Energy Engineering and Power Technology
  • Control and Systems Engineering
  • Control and Optimization

Cite this

Wang, T. S., Lin, C. S., & Lin, H. T. (2016). DGA botnet detection utilizing social network analysis. In Proceedings - 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016 (pp. 333-336). [7545203] (Proceedings - 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IS3C.2016.93