DNS Query Failure and Algorithmically Generated Domain-Flux Detection

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F14%3A00080502" target="_blank" >RIV/00216224:14330/14:00080502 - isvavai.cz</a>

Výsledek na webu

<a href="http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7141236&newsearch=true&searchWithin=%22First%20Name%22:Ibrahim&searchWithin=%22Last%20Name%22:Ghafir" target="_blank" >http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=7141236&newsearch=true&searchWithin=%22First%20Name%22:Ibrahim&searchWithin=%22Last%20Name%22:Ghafir</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1049/cp.2014.1410" target="_blank" >10.1049/cp.2014.1410</a>

Jazyk výsledku

angličtina

Název v původním jazyce

DNS Query Failure and Algorithmically Generated Domain-Flux Detection

Popis výsledku v původním jazyce

Botnets are now recognized as one of the most serious security threats. Recent botnets such as Conficker, Murofet and BankPatch have used domain flux technique to connect to their command and control (CaC) servers, where each Bot queries for existence ofa series of domain names used as rendezvous points with their controllers while the owner has to register only one such domain name. The large number of potential rendezvous points makes it difficult for law enforcement to effectively shut down botnets.In this paper we present our methodology for detecting algorithmically generated domain flux. Our detection method is based on DNS query failures resulting from domain flux technique. We process the network traffic, particularly DNS traffic. We analyzeall DNS query failures and propose a threshold for DNS query failures from the same IP address.

Název v anglickém jazyce

DNS Query Failure and Algorithmically Generated Domain-Flux Detection

Popis výsledku anglicky

Botnets are now recognized as one of the most serious security threats. Recent botnets such as Conficker, Murofet and BankPatch have used domain flux technique to connect to their command and control (CaC) servers, where each Bot queries for existence ofa series of domain names used as rendezvous points with their controllers while the owner has to register only one such domain name. The large number of potential rendezvous points makes it difficult for law enforcement to effectively shut down botnets.In this paper we present our methodology for detecting algorithmically generated domain flux. Our detection method is based on DNS query failures resulting from domain flux technique. We process the network traffic, particularly DNS traffic. We analyzeall DNS query failures and propose a threshold for DNS query failures from the same IP address.

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

<a href="/cs/project/OFMASUN201301" target="_blank" >OFMASUN201301: CIRC - Mobilní dedikované zařízení pro naplňování schopností reakce na počítačové incidenty</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)<br>S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2014

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of International Conference on Frontiers of Communications, Networks and Applications

ISBN

9781785610721

ISSN

—

e-ISSN

—

Počet stran výsledku

5

Strana od-do

1-5

Název nakladatele

IEEE Xplore Digital Library

Místo vydání

Kuala Lumpur, Malaysia

Místo konání akce

Kuala Lumpur, Malaysia

Datum konání akce

3. 11. 2014

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—