A technique for botnet detection based on DNS traffic analysis is developed. Detection relies on the group activity of bots that appears in DNS traffic: within a short period of time, a group of hosts issues similar DNS queries while trying to reach the C&C servers, migrating, running commands, or downloading updates of the malware. The method also takes into account abnormal behaviours of a group of hosts that are characteristic of botnets: the hosts do not honour DNS TTL values and send DNS queries to non-local DNS servers. The method further monitors a large number of empty DNS responses with the NXDOMAIN error code. The proposed technique is able to detect botnets with high efficiency.
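As an added illustration, not code from the paper, the following script scores hosts on the indicators the abstract names: synchronous group queries for the same name within a short window, NXDOMAIN responses, queries to non-local resolvers, and re-querying a name before its TTL expires. The DNS records, resolver addresses and thresholds are constructed for the example.

```python
from collections import defaultdict
# Constructed sample DNS records (hypothetical, not from the paper):
# (timestamp_sec, client, qname, resolver, rcode, ttl_sec)
LOCAL_RESOLVERS = {"10.0.0.53"}
RECORDS = [
    (0, "10.0.1.11", "a1b2.cc-example.test", "198.51.100.9", "NXDOMAIN", 0),
    (1, "10.0.1.12", "a1b2.cc-example.test", "198.51.100.9", "NXDOMAIN", 0),
    (2, "10.0.1.13", "a1b2.cc-example.test", "198.51.100.9", "NXDOMAIN", 0),
    (3, "10.0.1.11", "c3d4.cc-example.test", "198.51.100.9", "NOERROR", 300),
    (4, "10.0.1.12", "c3d4.cc-example.test", "198.51.100.9", "NOERROR", 300),
    (5, "10.0.1.13", "c3d4.cc-example.test", "198.51.100.9", "NOERROR", 300),
    (10, "10.0.1.11", "c3d4.cc-example.test", "198.51.100.9", "NOERROR", 300),
    (6, "10.0.1.50", "www.example.org", "10.0.0.53", "NOERROR", 300),
    (400, "10.0.1.50", "www.example.org", "10.0.0.53", "NOERROR", 300),
]

def host_features(records, local_resolvers):
    # Per-host counts of the three host-level indicators the abstract names.
    feats = defaultdict(lambda: {"nxdomain": 0, "nonlocal": 0, "ttl_violation": 0})
    last_seen = {}  # (client, qname) -> (timestamp, ttl of the last answer)
    for ts, client, qname, resolver, rcode, ttl in sorted(records):
        f = feats[client]
        f["nxdomain"] += rcode == "NXDOMAIN"              # empty responses
        f["nonlocal"] += resolver not in local_resolvers  # bypassing local DNS
        prev = last_seen.get((client, qname))
        if prev is not None and ts - prev[0] < prev[1]:
            f["ttl_violation"] += 1  # re-queried before the cached answer expired
        last_seen[(client, qname)] = (ts, ttl)
    return feats

def group_queries(records, window, min_hosts):
    # Names queried by at least min_hosts distinct clients within `window` seconds.
    by_name = defaultdict(list)
    for ts, client, qname, *_ in records:
        by_name[qname].append((ts, client))
    groups = {}
    for qname, events in by_name.items():
        for t0, _ in sorted(events):
            hosts = {c for t, c in events if t0 <= t <= t0 + window}
            if len(hosts) >= min_hosts:
                groups[qname] = hosts
                break
    return groups

def suspicious_hosts(records, local_resolvers, window=60, min_hosts=3):
    # Group-active hosts that also show at least one further indicator.
    feats = host_features(records, local_resolvers)
    in_group = set().union(*group_queries(records, window, min_hosts).values())
    return {c: [k for k in ("nxdomain", "nonlocal", "ttl_violation") if feats[c][k]]
            for c in sorted(in_group) if any(feats[c].values())}
```

The lone host 10.0.1.50 re-queries only after its TTL has elapsed and never joins a group, so it is not flagged.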
CITATION STYLE
Pomorova, O., Savenko, O., Lysenko, S., Kryshchuk, A., & Bobrovnikova, K. (2015). A technique for the botnet detection based on DNS-traffic analysis. In Communications in Computer and Information Science (Vol. 522, pp. 127–138). Springer Verlag. https://doi.org/10.1007/978-3-319-19419-6_12