
Original scientific paper

https://doi.org/10.19279/TVZ.PD.2019-7-2-01

BOTNET DETECTING BASED ON DNS TRAFFIC ANALYSIS

Brigitta Cafuta ; Tehničko veleučilište u Zagrebu, Zagreb, Croatia
Bojan Nožica ; Tehničko veleučilište u Zagrebu, Zagreb, Croatia
Ivica Dodig ; Tehničko veleučilište u Zagrebu, Zagreb, Croatia
Tin Kramberger ; Tehničko veleučilište u Zagrebu, Zagreb, Croatia


Full text: Croatian PDF, 696 KB

pp. 82-89

Downloads: 264



Abstract

The number of active Internet domain names is rising rapidly, and the share of malicious domains is increasing proportionally. Behind the malicious domains are reflectors controlled indirectly by Command & Control (C&C) servers, which manage the network of compromised computers (the botnet). By placing information on a malicious domain at a given time, the botnet administrator can launch the malware agent installed on the compromised clients. These commands may vary from a DoS against a server, launching a server, visiting a web page or sending an electronic mail. The consequence of a command can be the widening of the botnet or the performance of an illegal activity. The best solution to stop a botnet in operation is to block the communication channel from the compromised client to the botnet administrator by blocking communication with the malicious domain. In this paper a method for malicious domain detection using DNS traffic is presented. Features of DNS traffic are classified according to their detection ability in previous works in this field. Samples of the detection algorithms are presented. An experimental study to verify the existence of fast-flux botnets is performed. An experimental study based on the simplest DNS traffic characteristics verified the existence of malicious domains.

Keywords

botnet; DNS traffic; fast-flux

Hrčak ID:

223320

URI

https://hrcak.srce.hr/223320

Publication date:

24.6.2019.

Information in other languages: Croatian

Visits: 1,380