Detecting DGA Malware traffic through Behavioral Models

The result's identifiers

  • Result code in IS VaVaI

    RIV/68407700:21230/16:00306875 (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F16%3A00306875)

  • Result on the web

    http://ieeexplore.ieee.org/document/7585238/

  • DOI - Digital Object Identifier

    10.1109/ARGENCON.2016.7585238 (http://dx.doi.org/10.1109/ARGENCON.2016.7585238)

Alternative languages

  • Result language

    English

  • Original language name

    Detecting DGA Malware traffic through Behavioral Models

  • Original language description

    Abstract: Some botnets use special algorithms to generate the domain names they need to connect to their command and control servers. These are referred to as Domain Generation Algorithms. A Domain Generation Algorithm generates domain names and tries to resolve their IP addresses. If the domain has an IP address, it is used to connect to that command and control server. Otherwise, the DGA generates a new domain and keeps trying to connect. In both cases it is possible to capture and analyze the special behavior shown by those DNS packets in the network. The behavior of Domain Generation Algorithms is difficult to detect automatically because each domain is usually randomly generated and therefore unpredictable. Hence, it is challenging to separate the DNS traffic generated by malware from the DNS traffic generated by normal computers. In this work we analyze the use of behavioral detection approaches based on Markov Models to differentiate Domain Generation Algorithm traffic from normal DNS traffic. The evaluation methodology of our detection models has focused on a real-time approach based on the use of time windows for reporting the alerts. All the detection models have shown a clear differentiation between normal and malicious DNS traffic, and most have also shown a good detection rate. We believe this work is a further step in using behavioral models for network detection, and we hope to facilitate the development of more general and better behavioral detection methods for malware traffic.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

    IN - Informatics

  • OECD FORD branch

Result continuities

  • Project

  • Continuities

    I - Institutional support for the long-term conceptual development of a research organisation

Others

  • Publication year

    2016

  • Confidentiality

    S - Complete and true data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    2016 IEEE Biennial Congress of Argentina

  • ISBN

    978-1-4673-9764-3

  • ISSN

  • e-ISSN

  • Number of pages

    6

  • Pages from-to

  • Publisher name

    American Institute of Physics and Magnetic Society of the IEEE

  • Place of publication

    San Francisco

  • Event location

    Buenos Aires

  • Event date

    Jun 15, 2016

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article

    000386665200002