
Original scientific paper
https://doi.org/10.17559/TV-20161012115204

Fast-Flux Botnet Detection Based on Traffic Response and Search Engines Credit Worthiness

Davor Cafuta (orcid.org/0000-0001-9105-6699) ; Zagreb University of Applied Sciences, Vrbik 8, 10000 Zagreb, Croatia
Vlado Sruk ; Faculty of Electrical Engineering and Computing, University of Zagreb, Unska 3, 10000 Zagreb, Croatia
Ivica Dodig (orcid.org/0000-0002-3005-9949) ; Zagreb University of Applied Sciences, Vrbik 8, 10000 Zagreb, Croatia

Full text: English, pdf (1 MB), pp. 390-400, downloads: 636*
APA 6th Edition
Cafuta, D., Sruk, V. and Dodig, I. (2018). Fast-Flux Botnet Detection Based on Traffic Response and Search Engines Credit Worthiness. Tehnički vjesnik, 25 (2), 390-400. https://doi.org/10.17559/TV-20161012115204
MLA 8th Edition
Cafuta, Davor, et al. "Fast-Flux Botnet Detection Based on Traffic Response and Search Engines Credit Worthiness." Tehnički vjesnik, vol. 25, no. 2, 2018, pp. 390-400. https://doi.org/10.17559/TV-20161012115204. Accessed 15.05.2021.
Chicago 17th Edition
Cafuta, Davor, Vlado Sruk and Ivica Dodig. "Fast-Flux Botnet Detection Based on Traffic Response and Search Engines Credit Worthiness." Tehnički vjesnik 25, no. 2 (2018): 390-400. https://doi.org/10.17559/TV-20161012115204
Harvard
Cafuta, D., Sruk, V., and Dodig, I. (2018). 'Fast-Flux Botnet Detection Based on Traffic Response and Search Engines Credit Worthiness', Tehnički vjesnik, 25(2), pp. 390-400. https://doi.org/10.17559/TV-20161012115204
Vancouver
Cafuta D, Sruk V, Dodig I. Fast-Flux Botnet Detection Based on Traffic Response and Search Engines Credit Worthiness. Tehnički vjesnik [Internet]. 2018 [accessed 15.05.2021.];25(2):390-400. https://doi.org/10.17559/TV-20161012115204
IEEE
D. Cafuta, V. Sruk and I. Dodig, "Fast-Flux Botnet Detection Based on Traffic Response and Search Engines Credit Worthiness", Tehnički vjesnik, vol. 25, no. 2, pp. 390-400, 2018. [Online]. https://doi.org/10.17559/TV-20161012115204

Abstract
Botnets are considered the primary threats on the Internet, and there have been many research efforts to detect and mitigate them. Today, Botnets use a DNS technique called fast-flux to hide malware sites behind a constantly changing network of compromised hosts. This technique is similar to the trustworthy Round Robin DNS technique and to Content Delivery Networks (CDN). Different techniques have been developed, with more or less success, to distinguish normal network traffic from Botnet traffic. The aim of this paper is to improve Botnet detection using an Intrusion Detection System (IDS) or router. A novel classification method for online Botnet detection is presented, based on DNS traffic features that distinguish Botnet traffic from CDN-based traffic. Botnet features are classified according to the possibility of their usage and implementation in an embedded system. Traffic response is analysed as a strong candidate for online detection. Its disadvantage lies in specific areas where a CDN acts as a Botnet. A new feature based on search engine hits is proposed to improve false positive detection. The experimental evaluations show that the proposed classification could significantly improve Botnet detection. A procedure is suggested for implementing such a system as part of an IDS.

Keywords
Botnet; fast-flux; IDS

Hrčak ID: 199135

URI
https://hrcak.srce.hr/199135

Visits: 1,061 *