All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Detection of Algorithmically Generated Domain Names in Botnets

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F20%3A00113963" target="_blank" >RIV/00216224:14330/20:00113963 - isvavai.cz</a>

  • Result on the web

    <a href="http://dx.doi.org/10.1007/978-3-030-15032-7_107" target="_blank" >http://dx.doi.org/10.1007/978-3-030-15032-7_107</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1007/978-3-030-15032-7_107" target="_blank" >10.1007/978-3-030-15032-7_107</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Detection of Algorithmically Generated Domain Names in Botnets

  • Original language description

    Botnets pose a major threat to the information security of organizations and individuals. The bots (malware infected hosts) receive commands and updates from the Command and Control (C&amp;C) servers, and hence, contacting and communicating with these servers is an essential requirement of bots. However, once a malware is identified in the infected host, it is easy to find its C&amp;C server and block it, if the domain names of the servers are hard-coded in the malware. To counter such detection, many malwares families use probabilistic algorithms known as domain generation algorithms (DGAs) to generate domain names for the C&amp;C servers. This makes it difficult to track down the C&amp;C servers of the Botnet even after the malware is identified. In this paper, we propose a probabilistic approach for the identification of domain names which are likely to be generated by a malware using DGA. The proposed solution is based on the hypothesis that human generated domain names are usually inspired by the words from a particular language (say English), whereas DGA generated domain names should contain random sub-strings in it. Results show that the percentage of false negatives in the detection of DGA generated domain names using the proposed method is less than 29% across 30 DGA families considered by us in our experimentation.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

    <a href="/en/project/GA102%2F06%2F0711" target="_blank" >GA102/06/0711: Cryptographic random and pseudo-random number generators</a><br>

  • Continuities

    P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Others

  • Publication year

    2020

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Advanced Information Networking and Applications, AINA 2019

  • ISBN

    9783030150310

  • ISSN

    2194-5357

  • e-ISSN

  • Number of pages

    12

  • Pages from-to

    1279-1290

  • Publisher name

    Springer Nature Switzerland

  • Place of publication

    Cham, Switzerland

  • Event location

    Cham, Switzerland

  • Event date

    Jan 1, 2020

  • Type of event by nationality

    CST - Celostátní akce

  • UT code for WoS article

Similar results(10)

Deep Convolutional Neural Networks for DGA DetectionDetecting DGA Malware traffic through Behavioral ModelsDetecting DGA malware using NetFlow