VISHWAKARMA, Deepak Kumar, Ashutosh BHATIA and Zdeněk ŘÍHA. Detection of Algorithmically Generated Domain Names in Botnets. In Leonard Barolli, Makoto Takizawa, Fatos Xhafa, Tomoya Enokido. Advanced Information Networking and Applications, AINA 2019. Cham, Switzerland: Springer Nature Switzerland, 2020, p. 1279-1290. ISBN 978-3-030-15031-0. Available from: https://dx.doi.org/10.1007/978-3-030-15032-7_107.
Basic information
Original name Detection of Algorithmically Generated Domain Names in Botnets
Name in Czech Detekce algoritmicky generovaných doménových jmen v botnetech
Authors VISHWAKARMA, Deepak Kumar (356 India), Ashutosh BHATIA (356 India) and Zdeněk ŘÍHA (203 Czech Republic, belonging to the institution).
Edition Cham, Switzerland, Advanced Information Networking and Applications, AINA 2019, p. 1279-1290, 12 pp. 2020.
Publisher Springer Nature Switzerland
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher Switzerland
Confidentiality degree is not subject to a state or trade secret
Publication form printed version "print"
RIV identification code RIV/00216224:14330/20:00113963
Organization unit Faculty of Informatics
ISBN 978-3-030-15031-0
ISSN 2194-5357
Doi http://dx.doi.org/10.1007/978-3-030-15032-7_107
Keywords in English Domain name system; Domain generations algorithms; Botnets; Command and control servers
Tags firank_B
Tags International impact, Reviewed
Changed by: RNDr. Pavel Šmerk, Ph.D., učo 3880. Changed: 28/4/2020 13:02.
Abstract
Botnets pose a major threat to the information security of organizations and individuals. The bots (malware-infected hosts) receive commands and updates from the Command and Control (C&C) servers, and hence, contacting and communicating with these servers is an essential requirement of bots. However, once malware is identified on the infected host, it is easy to find its C&C server and block it if the domain names of the servers are hard-coded in the malware. To counter such detection, many malware families use probabilistic algorithms known as domain generation algorithms (DGAs) to generate domain names for the C&C servers. This makes it difficult to track down the C&C servers of the botnet even after the malware is identified. In this paper, we propose a probabilistic approach for the identification of domain names which are likely to be generated by malware using a DGA. The proposed solution is based on the hypothesis that human-generated domain names are usually inspired by the words from a particular language (say English), whereas DGA-generated domain names should contain random sub-strings. Results show that the percentage of false negatives in the detection of DGA-generated domain names using the proposed method is less than 29% across 30 DGA families considered by us in our experimentation.
Links
GA102/06/0711, research and development project
Name: Kryptografické generátory náhodných a pseudonáhodných čísel
Investor: Czech Science Foundation, Cryptographic random and pseudo-random number generators