A new DNS-based anti-evasion technique for botnet detection in corporate area networks is proposed. Combining passive DNS monitoring with active DNS probing makes it possible to build BotGRABBER, an effective detection system for botnets that rely on evasion techniques such as cycling of IP mappings, domain flux, fast flux and DNS tunneling. BotGRABBER is based on cluster analysis of features obtained from the payload of DNS messages, complemented by analysis of active probing results. The developed method makes it possible to detect hosts infected by botnet bots with high efficiency.
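To make the passive/active split in the abstract concrete, the following is an added illustration (not BotGRABBER's own code, and not from the paper): it extracts per-domain and per-client features from a constructed set of passive DNS observations, adds an active re-resolution probe with an injected resolver so it runs offline, and raises heuristic flags for the three evasion techniques named above. The feature set, the fixed thresholds and the sample data are assumptions; the paper's system derives its decisions from cluster analysis, not fixed cut-offs.

```python
"""Passive-DNS feature extraction plus an active re-resolution probe, with
heuristic flags for fast flux, domain flux and DNS tunnelling.
Added illustration of the ideas in the abstract; not BotGRABBER's code.
Thresholds, feature choice and the observations below are assumptions."""
import math
from collections import defaultdict

# Constructed passive-DNS observations: (client_ip, qname, rcode, answer_ip, ttl)
OBSERVATIONS = [
    ("10.0.0.5", "www.example.test", "NOERROR", "203.0.113.10", 3600),
    ("10.0.0.5", "www.example.test", "NOERROR", "203.0.113.10", 3600),
    ("10.0.0.5", "mail.example.test", "NOERROR", "203.0.113.11", 3600),
    # fast-flux style: one name, rapidly cycling answers, tiny TTL
    ("10.0.0.7", "cdn.flux.test", "NOERROR", "198.51.100.1", 30),
    ("10.0.0.7", "cdn.flux.test", "NOERROR", "198.51.100.2", 30),
    ("10.0.0.7", "cdn.flux.test", "NOERROR", "198.51.100.3", 30),
    ("10.0.0.7", "cdn.flux.test", "NOERROR", "198.51.100.4", 30),
    ("10.0.0.7", "cdn.flux.test", "NOERROR", "198.51.100.5", 30),
    # domain-flux style: one client querying many unregistered algorithmic names
    ("10.0.0.9", "kq3x9zv2a.test", "NXDOMAIN", None, 0),
    ("10.0.0.9", "p0dj7wmlr.test", "NXDOMAIN", None, 0),
    ("10.0.0.9", "zz81hcq4e.test", "NXDOMAIN", None, 0),
    ("10.0.0.9", "m2v6ybt0k.test", "NXDOMAIN", None, 0),
    ("10.0.0.9", "c7nq1rxe5.test", "NXDOMAIN", None, 0),
    ("10.0.0.9", "login.example.test", "NOERROR", "203.0.113.12", 3600),
    # tunnelling style: long, high-entropy labels carried under one zone
    ("10.0.0.11", "aGVsbG8gd29ybGQK.c2VjcmV0IGRhdGE.tun.test", "NOERROR", "192.0.2.1", 0),
    ("10.0.0.11", "bW9yZSBkYXRhIGhlcmU.YW5kIG1vcmU.tun.test", "NOERROR", "192.0.2.1", 0),
    ("10.0.0.11", "ZmluYWwgY2h1bms.b2ZfZGF0YV9oZXJl.tun.test", "NOERROR", "192.0.2.1", 0),
]


def base_domain(qname):
    """Approximate the registered domain as the last two labels."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def domain_features(obs):
    """Per base-domain features from answered queries and the query names."""
    groups = defaultdict(list)
    for row in obs:
        groups[base_domain(row[1])].append(row)
    feats = {}
    for dom, rows in groups.items():
        answered = [r for r in rows if r[2] == "NOERROR"]
        ttls = [r[4] for r in answered]
        prefixes = [r[1][: -len(dom)].rstrip(".") for r in rows]
        feats[dom] = {
            "queries": len(rows),
            "distinct_ips": len({r[3] for r in answered}),
            "mean_ttl": sum(ttls) / len(ttls) if ttls else 0.0,
            "mean_prefix_len": sum(map(len, prefixes)) / len(prefixes),
            "mean_prefix_entropy": sum(map(shannon_entropy, prefixes)) / len(prefixes),
        }
    return feats


def client_features(obs):
    """Per-client NXDOMAIN behaviour, the usual domain-flux indicator."""
    per = defaultdict(lambda: {"queries": 0, "nx": 0, "nx_domains": set()})
    for client, qname, rcode, _, _ in obs:
        per[client]["queries"] += 1
        if rcode == "NXDOMAIN":
            per[client]["nx"] += 1
            per[client]["nx_domains"].add(base_domain(qname))
    return {c: {"queries": v["queries"], "distinct_nxdomains": len(v["nx_domains"]),
                "nx_ratio": v["nx"] / v["queries"]} for c, v in per.items()}


# Assumed cut-offs for illustration only.
def flag_domains(feats):
    flags = {}
    for dom, f in feats.items():
        labels = []
        if f["distinct_ips"] >= 4 and f["mean_ttl"] <= 300:
            labels.append("fast_flux")
        if f["mean_prefix_len"] >= 24 and f["mean_prefix_entropy"] >= 3.5:
            labels.append("dns_tunneling")
        if labels:
            flags[dom] = labels
    return flags


def flag_clients(feats):
    return {c: ["domain_flux"] for c, f in feats.items()
            if f["distinct_nxdomains"] >= 5 and f["nx_ratio"] >= 0.5}


def active_probe(resolve, qname, rounds=5):
    """Active probing: re-resolve qname `rounds` times and count distinct
    answers. `resolve` is injected so the probe can run offline in tests."""
    return {"rounds": rounds, "distinct_answers": len({resolve(qname) for _ in range(rounds)})}


def make_cycling_resolver(ips):
    """Constructed stand-in for a live resolver that cycles through `ips`."""
    state = {"i": 0}

    def resolve(_qname):
        ip = ips[state["i"] % len(ips)]
        state["i"] += 1
        return ip
    return resolve


if __name__ == "__main__":
    print(flag_domains(domain_features(OBSERVATIONS)))
    print(flag_clients(client_features(OBSERVATIONS)))
    print(active_probe(make_cycling_resolver(["198.51.100.1", "198.51.100.2"]), "cdn.flux.test"))
```

The passive half never sends a packet, so it can run over a resolver log; the active half re-queries the name and is what distinguishes a legitimate CDN with a stable, small answer set from a flux name whose answers change on every probe. In practice the two views would be combined as input features rather than as separate rule sets.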
CITATION STYLE
Pomorova, O., Savenko, O., Lysenko, S., Kryshchuk, A., & Bobrovnikova, K. (2016). Anti-evasion technique for the botnets detection based on the passive DNS monitoring and active DNS probing. In Communications in Computer and Information Science (Vol. 608, pp. 83–95). Springer Verlag. https://doi.org/10.1007/978-3-319-39207-3_8