Kindred Domains: Detecting and Clustering Botnet Domains Using DNS Traffic

Cited by: 39
Authors
Thomas, Matthew [1 ]
Mohaisen, Aziz [1 ]
Affiliations
[1] Verisign Labs, Reston, VA 20190 USA
Keywords
Malware; Clustering; Automatic Analysis; DNS;
DOI
10.1145/2567948.2579359
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812 ;
Abstract
In this paper we focus on detecting and clustering distinct groupings of domain names that are queried by numerous sets of infected machines. We propose to analyze domain name system (DNS) traffic, such as Non-Existent Domain (NXDomain) queries, at several premier Top Level Domain (TLD) authoritative name servers to identify strongly connected cliques of malware related domains. We illustrate typical malware DNS lookup patterns when observed on a global scale and utilize this insight to engineer a system capable of detecting and accurately clustering malware domains to a particular variant or malware family without the need for obtaining a malware sample. Finally, the experimental results of our system will provide a unique perspective on the current state of globally distributed malware, particularly the ones that use DNS.
Pages: 707 / 712
Page count: 6
Related papers
50 records in total
  • [1] A Clustering Approach for Detecting Auto-generated Botnet Domains
    Pu, Yang
    Chen, Xiaojun
    Pu, Yiguo
    Shi, JinQiao
    [J]. APPLICATIONS AND TECHNIQUES IN INFORMATION SECURITY, ATIS 2015, 2015, 557 : 269 - 279
  • [2] Detecting Malicious Domains by Massive DNS Traffic Data Analysis
    Tian, Shiqi
    Fang, Cheng
    Liu, Jun
    Lei, Zhenming
    [J]. 2016 8TH INTERNATIONAL CONFERENCE ON INTELLIGENT HUMAN-MACHINE SYSTEMS AND CYBERNETICS (IHMSC), VOL. 1, 2016, : 130 - 133
  • [3] Classifying Malicious Domains using DNS Traffic Analysis
    Mahdavifar, Samaneh
    Maleki, Nasim
    Lashkari, Arash Habibi
    Broda, Matt
    Razavi, Amir H.
    [J]. 2021 IEEE INTL CONF ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, INTL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING, INTL CONF ON CLOUD AND BIG DATA COMPUTING, INTL CONF ON CYBER SCIENCE AND TECHNOLOGY CONGRESS DASC/PICOM/CBDCOM/CYBERSCITECH 2021, 2021, : 60 - 67
  • [4] Detecting HTTP Botnet with Clustering Network Traffic
    Cai, Tao
    Zou, Futai
    [J]. 2012 INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING (WICOM), 2012,
  • [5] Exploiting DNS Traffic to Rank Internet Domains
    Deri, Luca
    Mainardi, Simone
    Martinelli, Maurizio
    Gregori, Enrico
    [J]. 2013 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS WORKSHOPS (IEEE ICC), 2013, : 1325 - 1329
  • [6] DNS Traffic Analysis for Malicious Domains Detection
    Ghafir, Ibrahim
    Prenosil, Vaclav
    [J]. 2ND INTERNATIONAL CONFERENCE ON SIGNAL PROCESSING AND INTEGRATED NETWORKS (SPIN) 2015, 2015, : 613 - 618
  • [7] CODDULM: an Approach for Detecting C&C Domains of DGA on Passive DNS Traffic
    Han, Chunyu
    Zhang, Yongzheng
    [J]. PROCEEDINGS OF 2017 6TH INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND NETWORK TECHNOLOGY (ICCSNT 2017), 2017, : 385 - 388
  • [8] DNS Noise: Measuring the Pervasiveness of Disposable Domains in Modern DNS Traffic
    Chen, Yizheng
    Antonakakis, Manos
    Perdisci, Roberto
    Nadji, Yacin
    Dagon, David
    Lee, Wenke
    [J]. 2014 44TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS (DSN), 2014, : 598 - 609
  • [9] Comparison of DNS Based Methods for Detecting Malicious Domains
    Paz, Eyal
    Gudes, Ehud
    [J]. CYBER SECURITY CRYPTOGRAPHY AND MACHINE LEARNING (CSCML 2020), 2020, 12161 : 219 - 236
  • [10] Detecting DGA-Based Botnet with DNS Traffic Analysis in Monitored Network
    Dinh-Tu Truong
    Cheng, Guang
    Jakalan, Ahmad
    Guo, Xiaojun
    Zhou, Aiping
    [J]. JOURNAL OF INTERNET TECHNOLOGY, 2016, 17 (02): : 217 - 230