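% Conference paper in the AINA 2019 proceedings (Springer Nature Switzerland) on
% detecting algorithmically generated (DGA) domain names used by botnets.
% The doi field holds the bare DOI; the bibliography style adds the resolver prefix.
@inproceedings{1520636,
  author       = {Vishwakarma, Deepak Kumar and Bhatia, Ashutosh and Říha, Zdeněk},
  title        = {Detection of Algorithmically Generated Domain Names in Botnets},
  booktitle    = {Advanced Information Networking and Applications, {AINA} 2019},
  editor       = {Barolli, Leonard and Takizawa, Makoto and Xhafa, Fatos and Enokido, Tomoya},
  publisher    = {Springer Nature Switzerland},
  address      = {Cham, Switzerland},
  location     = {Cham, Switzerland},
  year         = {2020},
  pages        = {1279--1290},
  isbn         = {978-3-030-15031-0},
  doi          = {10.1007/978-3-030-15032-7_107},
  language     = {eng},
  keywords     = {Domain name system; Domain generations algorithms; Botnets; Command and control servers},
  howpublished = {tištěná verze "print"},
}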
TY - JOUR ID - 1520636 AU - Vishwakarma, Deepak Kumar - Bhatia, Ashutosh - Říha, Zdeněk PY - 2020 TI - Detection of Algorithmically Generated Domain Names in Botnets PB - Springer Nature Switzerland CY - Cham, Switzerland SN - 9783030150310 KW - Domain name system KW - Domain generations algorithms KW - Botnets KW - Command and control servers N2 - Botnets pose a major threat to the information security of organizations and individuals. The bots (malware-infected hosts) receive commands and updates from the Command and Control (C&C) servers, and hence contacting and communicating with these servers is an essential requirement of bots. However, once malware is identified on an infected host, it is easy to find its C&C server and block it if the domain names of the servers are hard-coded in the malware. To counter such detection, many malware families use probabilistic algorithms known as domain generation algorithms (DGAs) to generate domain names for the C&C servers. This makes it difficult to track down the C&C servers of the botnet even after the malware is identified. In this paper, we propose a probabilistic approach for the identification of domain names which are likely to have been generated by malware using a DGA. The proposed solution is based on the hypothesis that human-generated domain names are usually inspired by words from a particular language (say, English), whereas DGA-generated domain names should contain random substrings. Results show that the percentage of false negatives in the detection of DGA-generated domain names using the proposed method is less than 29% across the 30 DGA families considered in our experiments. ER -
VISHWAKARMA, Deepak Kumar, Ashutosh BHATIA a Zdeněk ŘÍHA. Detection of Algorithmically Generated Domain Names in Botnets. In Leonard Barolli, Makoto Takizawa, Fatos Xhafa, Tomoya Enokido. \textit{Advanced Information Networking and Applications, AINA 2019}. Cham, Switzerland: Springer Nature Switzerland, 2020, s.~1279--1290. ISBN~978-3-030-15031-0. Dostupné z: https://dx.doi.org/10.1007/978-3-030-15032-7\_{}107.