Detection of Algorithmically Generated Domain Names in Botnets
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F20%3A00113963" target="_blank" >RIV/00216224:14330/20:00113963 - isvavai.cz</a>
Výsledek na webu
<a href="http://dx.doi.org/10.1007/978-3-030-15032-7_107" target="_blank" >http://dx.doi.org/10.1007/978-3-030-15032-7_107</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1007/978-3-030-15032-7_107" target="_blank" >10.1007/978-3-030-15032-7_107</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Detection of Algorithmically Generated Domain Names in Botnets
Popis výsledku v původním jazyce
Botnets pose a major threat to the information security of organizations and individuals. The bots (malware infected hosts) receive commands and updates from the Command and Control (C&C) servers, and hence, contacting and communicating with these servers is an essential requirement of bots. However, once a malware is identified in the infected host, it is easy to find its C&C server and block it, if the domain names of the servers are hard-coded in the malware. To counter such detection, many malwares families use probabilistic algorithms known as domain generation algorithms (DGAs) to generate domain names for the C&C servers. This makes it difficult to track down the C&C servers of the Botnet even after the malware is identified. In this paper, we propose a probabilistic approach for the identification of domain names which are likely to be generated by a malware using DGA. The proposed solution is based on the hypothesis that human generated domain names are usually inspired by the words from a particular language (say English), whereas DGA generated domain names should contain random sub-strings in it. Results show that the percentage of false negatives in the detection of DGA generated domain names using the proposed method is less than 29% across 30 DGA families considered by us in our experimentation.
Název v anglickém jazyce
Detection of Algorithmically Generated Domain Names in Botnets
Popis výsledku anglicky
Botnets pose a major threat to the information security of organizations and individuals. The bots (malware infected hosts) receive commands and updates from the Command and Control (C&C) servers, and hence, contacting and communicating with these servers is an essential requirement of bots. However, once a malware is identified in the infected host, it is easy to find its C&C server and block it, if the domain names of the servers are hard-coded in the malware. To counter such detection, many malwares families use probabilistic algorithms known as domain generation algorithms (DGAs) to generate domain names for the C&C servers. This makes it difficult to track down the C&C servers of the Botnet even after the malware is identified. In this paper, we propose a probabilistic approach for the identification of domain names which are likely to be generated by a malware using DGA. The proposed solution is based on the hypothesis that human generated domain names are usually inspired by the words from a particular language (say English), whereas DGA generated domain names should contain random sub-strings in it. Results show that the percentage of false negatives in the detection of DGA generated domain names using the proposed method is less than 29% across 30 DGA families considered by us in our experimentation.
Klasifikace
Druh
D - Stať ve sborníku
CEP obor
—
OECD FORD obor
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Návaznosti výsledku
Projekt
<a href="/cs/project/GA102%2F06%2F0711" target="_blank" >GA102/06/0711: Kryptografické generátory náhodných a pseudonáhodných čísel</a><br>
Návaznosti
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Ostatní
Rok uplatnění
2020
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název statě ve sborníku
Advanced Information Networking and Applications, AINA 2019
ISBN
9783030150310
ISSN
2194-5357
e-ISSN
—
Počet stran výsledku
12
Strana od-do
1279-1290
Název nakladatele
Springer Nature Switzerland
Místo vydání
Cham, Switzerland
Místo konání akce
Cham, Switzerland
Datum konání akce
1. 1. 2020
Typ akce podle státní příslušnosti
CST - Celostátní akce
Kód UT WoS článku
—