DGA botnet detection utilizing social network analysis

Tzy Shiah Wang, Chih Sheng Lin, Hui Tang Lin

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Citations (Scopus)

Abstract

Botnets are one of the major threats to network security. A botnet can launch attacks by stealing information, phishing sites, sending spam mail and setting up distributed denial of service (DDoS). Some botnets called Domain Generation Algorithm (DGA) Botnets apply a domain generation algorithm to avoid being detected by the traditional blacklist detection scheme. Using a domain generation algorithm, a DGA bot periodically generates a huge list of candidate Command and Control server (C&C) domains. The bot then attempts to connect to the C&C server by querying DNS servers for the domains on the list one by one until it connects to an existing C&C server. By doing this, DGA botnets become very elusive and difficult to detect by traditional defending systems and thus have high survivability. To resolve this issue, this study proposes a DGA botnet detection mechanism utilizing the feature-based characteristics of social networks. The effectiveness of this mechanism was measured by implementing it in a campus network environment and observing it over eighteen months. The most interesting finding of this experiment is a new class of DGA botnet with a query pattern that has not been detected before. The results show that the proposed mechanism has the ability to accurately and effectively detect both well-known and new malicious DGA botnets in real-world networks.

Original languageEnglish
Title of host publicationProceedings - 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages333-336
Number of pages4
ISBN (Electronic)9781509030712
DOIs
Publication statusPublished - 2016 Aug 16
Event2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016 - Xi'an, China
Duration: 2016 Jul 42016 Jul 6

Publication series

NameProceedings - 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016

Other

Other2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016
Country/TerritoryChina
CityXi'an
Period16-07-0416-07-06

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Computer Networks and Communications
  • Computer Science Applications
  • Energy Engineering and Power Technology
  • Control and Systems Engineering
  • Control and Optimization

Fingerprint

Dive into the research topics of 'DGA botnet detection utilizing social network analysis'. Together they form a unique fingerprint.

Cite this