cial benefits through a large pool of compromised hosts, which are called software robots or simply "bots." A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mail, stealing personal information, and launching DDoS attacks. The growing popularity of botnets compels us to find proper countermeasures, but existing defense mechanisms can hardly keep up with the speed of botnet technologies. In this paper, we propose a botnet detection mechanism that monitors DNS traffic to detect botnets, which form a group activity in DNS queries sent simultaneously by distributed bots. A few works have been proposed based on particular DNS information generated by a botnet, but they are easily evaded by changing bot programs. Our anomaly-based botnet detection mechanism is more robust than the previous approaches, so that variants of bots can be detected by looking at their group activities in DNS traffic. Experiments on a campus network show that the proposed mechanism can detect botnets effectively while bots are connecting to their server or migrating to another server.