All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Detecting DGA malware using NetFlow

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F15%3A00233467" target="_blank" >RIV/68407700:21230/15:00233467 - isvavai.cz</a>

  • Result on the web

    <a href="http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7140486" target="_blank" >http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7140486</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1109/INM.2015.7140486" target="_blank" >10.1109/INM.2015.7140486</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Detecting DGA malware using NetFlow

  • Original language description

    Botnet detection systems struggle with performance and privacy issues when analyzing data from large-scale networks. Deep packet inspection, reverse engineering, clustering and other time consuming approaches are unfeasible for large-scale networks. Therefore, many researchers focus on fast and simple botnet detection methods that use as little information as possible to avoid privacy violations. We present a novel technique for detecting malware using Domain Generation Algorithms (DGA), that is able toevaluate data from large scale networks without reverse engineering a binary or performing Non-Existent Domain (NXDomain) inspection. We propose to use a statistical approach and model the ratio of DNS requests and visited IPs for every host in the local network and label the deviations from this model as DGA-performing malware. We expect the malware to try to resolve more domains during a small time interval without a corresponding amount of newly visited IPs. For this we need only the

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    JC - Computer hardware and software

  • OECD FORD branch

Result continuities

  • Project

  • Continuities

    I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Others

  • Publication year

    2015

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Proceedings of the 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM)

  • ISBN

    978-3-901882-76-0

  • ISSN

  • e-ISSN

  • Number of pages

    6

  • Pages from-to

    1304-1309

  • Publisher name

    IEEE

  • Place of publication

    Piscataway

  • Event location

    Ottawa

  • Event date

    May 11, 2015

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

Similar results(10)

Malware detection using HTTP user-agent discrepancy identificationDetecting DGA Malware traffic through Behavioral ModelsDetection of Algorithmically Generated Domain Names in Botnets