Emerging Technologies for Developing Countries. First International EAI Conference, AFRICATEK 2017, Marrakech, Morocco, March 27-28, 2017 Proceedings

Research Article

Detecting Malware Domains: A Cyber-Threat Alarm System

  • @INPROCEEDINGS{10.1007/978-3-319-67837-5_17,
        author={Khalifa AlRoum and Abdulhakim Alolama and Rami Kamel and May Barachi and Monther Aldwairi},
        title={Detecting Malware Domains: A Cyber-Threat Alarm System},
        proceedings={Emerging Technologies for Developing Countries. First International EAI Conference, AFRICATEK 2017, Marrakech, Morocco, March 27-28, 2017 Proceedings},
        proceedings_a={AFRICATEK},
        year={2017},
        month={10},
        keywords={DNS analysis, Cyber-threat, Malicious domains’ detection, Botnets},
        doi={10.1007/978-3-319-67837-5_17}
    }
    
  • Khalifa AlRoum
    Abdulhakim Alolama
    Rami Kamel
    May Barachi
    Monther Aldwairi
    Year: 2017
    Detecting Malware Domains: A Cyber-Threat Alarm System
    AFRICATEK
    Springer
    DOI: 10.1007/978-3-319-67837-5_17
Khalifa AlRoum¹,*, Abdulhakim Alolama¹,*, Rami Kamel¹,*, May Barachi²,*, Monther Aldwairi¹,*
  • 1: Zayed University
  • 2: University of Wollongong Dubai, Knowledge Village
*Contact email: M80006834@zu.ac.ae, M80006863@zu.ac.ae, M80006762@zu.ac.ae, MaiElbarachi@uowdubai.ac.ae, monther.aldwairi@zu.ac.ae

Abstract

Over the years, hackers’ intentions have varied from curiosity, to financial gain, to political statements. Armed with their botnets, bot masters could crash a server or website. Statistics show that botnet activity accounts for 29% of Internet traffic. But how can bot masters establish undetected communication with their botnets? The answer lies in the Domain Name System (DNS): hackers host their own domain and assign changing IP addresses to it to avoid detection. In this paper, we propose a multi-factor cyber-threat detection system that relies on DNS traffic analysis to detect malicious domains. The proposed system was implemented and tested, and the results are very promising.