A technique for the botnet detection based on DNS-traffic analysis


Abstract

A technique for botnet detection based on DNS-traffic analysis is developed. Detection relies on the group activity of bots in DNS traffic: within a short period of time, groups of hosts issue DNS queries while trying to access the C&C servers, migrating, running commands, or downloading malware updates. The method takes into account abnormal behaviors of host groups that resemble botnet behavior: the hosts do not honor the DNS TTL and send DNS queries to non-local DNS servers. The method also monitors for large numbers of empty DNS responses with the NXDOMAIN error code. The proposed technique is able to detect botnets with high efficiency.


Pomorova, O., Savenko, O., Lysenko, S., Kryshchuk, A., & Bobrovnikova, K. (2015). A technique for the botnet detection based on DNS-traffic analysis. In Communications in Computer and Information Science (Vol. 522, pp. 127–138). Springer Verlag. https://doi.org/10.1007/978-3-319-19419-6_12
