Detection of Algorithmically Generated Domain Names in Botnets

D 2020

Detection of Algorithmically Generated Domain Names in Botnets

VISHWAKARMA, Deepak Kumar, Ashutosh BHATIA a Zdeněk ŘÍHA

Základní údaje

Originální název

Detection of Algorithmically Generated Domain Names in Botnets

Název česky

Detekce algoritmicky generovaných doménových jmen v botnetech

Autoři

VISHWAKARMA, Deepak Kumar (356 Indie), Ashutosh BHATIA (356 Indie) a Zdeněk ŘÍHA (203 Česká republika, domácí)

Vydání

Cham, Switzerland, Advanced Information Networking and Applications, AINA 2019, od s. 1279-1290, 12 s. 2020

Nakladatel

Springer Nature Switzerland

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10201 Computer sciences, information science, bioinformatics

Stát vydavatele

Švýcarsko

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

tištěná verze "print"

Kód RIV

RIV/00216224:14330/20:00113963

Organizační jednotka

Fakulta informatiky

ISBN

978-3-030-15031-0

ISSN

DOI

http://dx.doi.org/10.1007/978-3-030-15032-7_107

Klíčová slova anglicky

Domain name system; Domain generations algorithms; Botnets; Command and control servers

Štítky

core_B, firank_B

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 28. 4. 2020 13:02, RNDr. Pavel Šmerk, Ph.D.

Anotace

V originále

Botnets pose a major threat to the information security of organizations and individuals. The bots (malware infected hosts) receive commands and updates from the Command and Control (C&C) servers, and hence, contacting and communicating with these servers is an essential requirement of bots. However, once a malware is identified in the infected host, it is easy to find its C&C server and block it, if the domain names of the servers are hard-coded in the malware. To counter such detection, many malwares families use probabilistic algorithms known as domain generation algorithms (DGAs) to generate domain names for the C&C servers. This makes it difficult to track down the C&C servers of the Botnet even after the malware is identified. In this paper, we propose a probabilistic approach for the identification of domain names which are likely to be generated by a malware using DGA. The proposed solution is based on the hypothesis that human generated domain names are usually inspired by the words from a particular language (say English), whereas DGA generated domain names should contain random sub-strings in it. Results show that the percentage of false negatives in the detection of DGA generated domain names using the proposed method is less than 29% across 30 DGA families considered by us in our experimentation.

Návaznosti

GA102/06/0711, projekt VaV

Název: Kryptografické generátory náhodných a pseudonáhodných čísel

Investor: Grantová agentura ČR, Kryptografické generátory náhodných a pseudonáhodných čísel

Citovat

VISHWAKARMA, Deepak Kumar, Ashutosh BHATIA a Zdeněk ŘÍHA. Detection of Algorithmically Generated Domain Names in Botnets. In Leonard Barolli, Makoto Takizawa, Fatos Xhafa, Tomoya Enokido. Advanced Information Networking and Applications, AINA 2019. Cham, Switzerland: Springer Nature Switzerland, 2020, s. 1279-1290. ISBN 978-3-030-15031-0. Dostupné z: https://dx.doi.org/10.1007/978-3-030-15032-7_107.

@inproceedings{1520636,
   author = {Vishwakarma, Deepak Kumar and Bhatia, Ashutosh and Říha, Zdeněk},
   address = {Cham, Switzerland},
   booktitle = {Advanced Information Networking and Applications, AINA 2019},
   doi = {http://dx.doi.org/10.1007/978-3-030-15032-7_107},
   editor = {Leonard Barolli, Makoto Takizawa, Fatos Xhafa, Tomoya Enokido},
   keywords = {Domain name system; Domain generations algorithms; Botnets; Command and control servers},
   howpublished = {tištěná verze "print"},
   language = {eng},
   location = {Cham, Switzerland},
   isbn = {978-3-030-15031-0},
   pages = {1279-1290},
   publisher = {Springer Nature Switzerland},
   title = {Detection of Algorithmically Generated Domain Names in Botnets},
   year = {2020}
}

TY  - JOUR
ID  - 1520636
AU  - Vishwakarma, Deepak Kumar - Bhatia, Ashutosh - Říha, Zdeněk
PY  - 2020
TI  - Detection of Algorithmically Generated Domain Names in Botnets
PB  - Springer Nature Switzerland
CY  - Cham, Switzerland
SN  - 9783030150310
KW  - Domain name system
KW  - Domain generations algorithms
KW  - Botnets
KW  - Command and control servers
N2  - Botnets pose a major threat to the information security of organizations and individuals. The bots (malware infected hosts) receive commands and updates from the Command and Control (C&C) servers, and hence, contacting and communicating with these servers is an essential requirement of bots. However, once a malware is identified in the infected host, it is easy to find its C&C server and block it, if the domain names of the servers are hard-coded in the malware. To counter such detection, many malwares families use probabilistic algorithms known as domain generation algorithms (DGAs) to generate domain names for the C&C servers. This makes it difficult to track down the C&C servers of the Botnet even after the malware is identified. In this paper, we propose a probabilistic approach for the identification of domain names which are likely to be generated by a malware using DGA. The proposed solution is based on the hypothesis that human generated domain names are usually inspired by the words from a particular language (say English), whereas DGA generated domain names should contain random sub-strings in it. Results show that the percentage of false negatives in the detection of DGA generated domain names using the proposed method is less than 29% across 30 DGA families considered by us in our experimentation.
ER  -

VISHWAKARMA, Deepak Kumar, Ashutosh BHATIA a Zdeněk ŘÍHA. Detection of Algorithmically Generated Domain Names in Botnets. In Leonard Barolli, Makoto Takizawa, Fatos Xhafa, Tomoya Enokido. \textit{Advanced Information Networking and Applications, AINA 2019}. Cham, Switzerland: Springer Nature Switzerland, 2020, s.~1279-1290. ISBN~978-3-030-15031-0. Dostupné z: https://dx.doi.org/10.1007/978-3-030-15032-7\_{}107.

Podrobný výpis o publikaci