DGA botnet detection utilizing social network analysis

Tzy Shiah Wang, Chih Sheng Lin, Hui Tang Lin

Research output: Conference contribution

5 Citations (Scopus)

Abstract

Botnets are one of the major threats to network security. A botnet can launch attacks by stealing information, phishing sites, sending spam mail and setting up distributed denial of service (DDoS). Some botnets called Domain Generation Algorithm (DGA) Botnets apply a domain generation algorithm to avoid being detected by the traditional blacklist detection scheme. Using a domain generation algorithm, a DGA bot periodically generates a huge list of candidate Command and Control server (C&C) domains. The bot then attempts to connect to the C&C server by querying DNS servers for the domains on the list one by one until it connects to an existing C&C server. By doing this, DGA botnets become very elusive and difficult to detect by traditional defending systems and thus have high survivability. To resolve this issue, this study proposes a DGA botnet detection mechanism utilizing the feature-based characteristics of social networks. The effectiveness of this mechanism was measured by implementing it in a campus network environment and observing it over eighteen months. The most interesting finding of this experiment is a new class of DGA botnet with a query pattern that has not been detected before. The results show that the proposed mechanism has the ability to accurately and effectively detect both well-known and new malicious DGA botnets in real-world networks.

Original language: English
Title of host publication: Proceedings - 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 333-336
Number of pages: 4
ISBN (Electronic): 9781509030712
DOIs
Publication status: Published - 2016 Aug 16
Event: 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016 - Xi'an, China
Duration: 2016 Jul 4 to 2016 Jul 6

Publication series

Name: Proceedings - 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016

Other

Other: 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016
Country: China
City: Xi'an
Period: 16-07-04 to 16-07-06


All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Computer Networks and Communications
  • Computer Science Applications
  • Energy Engineering and Power Technology
  • Control and Systems Engineering
  • Control and Optimization

Cite this

Wang, T. S., Lin, C. S., & Lin, H. T. (2016). DGA botnet detection utilizing social network analysis. In Proceedings - 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016 (pp. 333-336). [7545203] (Proceedings - 2016 IEEE International Symposium on Computer, Consumer and Control, IS3C 2016). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/IS3C.2016.93