Detecting Active Bot Networks Based on DNS Traffic Analysis
Subject Areas: Network Security
Zahra Nafarieh 1, Ebrahim Mahdipur 2, Haj Hamid Haj Seyed Javadi 3
1 - Department of Electrical and Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran.
2 - Department of Electrical and Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran.
3 - Department of Mathematics and Computer Science, Shahed University, Tehran, Iran.
Keywords:
Abstract :