Anti-evasion technique for the botnets detection based on the passive DNS monitoring and active DNS probing


Abstract

A new DNS-based anti-evasion technique for botnet detection in corporate area networks is proposed. Combining passive DNS monitoring with active DNS probing made it possible to construct BotGRABBER, an effective detection system for botnets that use evasion techniques such as cycling of IP mapping, “domain flux”, “fast flux”, and DNS tunneling. The BotGRABBER system is based on a cluster analysis of features obtained from the payload of DNS messages and uses active probing analysis. The developed method makes it possible to detect hosts infected by botnet bots with high efficiency.

Cite

Pomorova, O., Savenko, O., Lysenko, S., Kryshchuk, A., & Bobrovnikova, K. (2016). Anti-evasion technique for the botnets detection based on the passive DNS monitoring and active DNS probing. In Communications in Computer and Information Science (Vol. 608, pp. 83–95). Springer Verlag. https://doi.org/10.1007/978-3-319-39207-3_8
