International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I

Research Article

Domain Algorithmically Generated Botnet Detection and Analysis

  • @INPROCEEDINGS{10.1007/978-3-319-23829-6_38,
        author={Xiaolin Xu and Yonglin Zhou and Qingshan Li},
        title={Domain Algorithmically Generated Botnet Detection and Analysis},
        proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I},
        proceedings_a={SECURECOMM},
        year={2015},
        month={11},
        keywords={Botnet DNS Algorithmically generated domains Domain-flux},
        doi={10.1007/978-3-319-23829-6_38}
    }
    
  • Xiaolin Xu
    Yonglin Zhou
    Qingshan Li
    Year: 2015
    Domain Algorithmically Generated Botnet Detection and Analysis
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-319-23829-6_38
Xiaolin Xu*, Yonglin Zhou1*, Qingshan Li2*
  • 1: Computer Emergency Response Team
  • 2: Key Laboratory of Network and Software Security Assurance of Peking University
*Contact email: xxl@cert.org.cn, zyl@cert.org.cn, liqs@pku.edu.cn

Abstract

To detect algorithmically generated domains used by botnets, a new technique is proposed that analyzes the difference in query behaviour between algorithmically generated domains and legitimate domains. It is based on the observation that every domain name in the group generated by one botnet has a similar lifetime and query style. We look for suspicious domains in DNS traffic and use change distance to verify that these suspicious domains are used by a botnet. We then use the domain change distance to describe the botnet's change rate and change scope. By deploying our system at operators' RDNS, experiments were carried out to validate the effectiveness of the detection method. The experimental results show that the method can detect algorithmically generated domains used by botnets.
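The abstract describes the detection idea only at a high level. The following is an added illustration, not the authors' system or code: it profiles each queried name in a constructed RDNS log by lifetime and query style, groups short-lived names whose query style matches, and reports a per-group change rate and change scope. The concrete features (active lifetime, client-set overlap, queries per client, NXDOMAIN ratio), all thresholds, and the Jaccard-based "change distance" proxy between consecutive daily windows are assumptions made for this example; the paper's own definition of change distance is not given on this page, and the log lines and domain names are constructed.

```python
"""Toy DGA-domain group detector over a constructed RDNS query log (added example)."""
from collections import defaultdict
from dataclasses import dataclass, field

DAY = 86400
# Assumed thresholds; nothing here is taken from the paper.
MAX_LIFETIME_H = 24.0      # names active longer than this are treated as legitimate
CLIENT_OVERLAP_MIN = 0.5   # Jaccard overlap of client sets needed to share a group
LIFETIME_TOL_H = 2.0       # lifetimes within this many hours count as "similar"
QPC_TOL = 1.0              # queries-per-client difference tolerated within a group
MIN_GROUP_SIZE = 3         # a DGA group must contain at least this many names

# Constructed sample log, NOT real traffic: (epoch_seconds, client_ip, qname, rcode).
SAMPLE_LOG = []

def _add(day, hour, client, qname, rcode):
    SAMPLE_LOG.append((day * DAY + hour * 3600, client, qname, rcode))

# Legitimate name: many clients, queried across the whole 3-day capture, always resolves.
for day in range(3):
    for hour in (1, 9, 17):
        for client in ("10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"):
            _add(day, hour, client, "www.example.com", "NOERROR")

# Hypothetical DGA: each day the same two bots try three fresh names; only one resolves.
DGA_BY_DAY = {
    0: ["qzkrwvlxmf.info", "bnhtyuopla.info", "ldkwpqazxs.info"],
    1: ["mzxcvbnqwe.info", "pomlkjhgfd.info", "tyuiopasdf.info"],
    2: ["rfvtgbyhnu.info", "qawsedrftg.info", "zxcvbnmasd.info"],
}
for day, names in DGA_BY_DAY.items():
    for i, name in enumerate(names):
        rcode = "NOERROR" if i == 0 else "NXDOMAIN"
        for client in ("10.0.0.7", "10.0.0.8"):
            _add(day, 2, client, name, rcode)
            _add(day, 3, client, name, rcode)

@dataclass
class DomainStats:
    first_seen: int
    last_seen: int
    clients: set = field(default_factory=set)
    queries: int = 0
    nxdomain: int = 0

    @property
    def lifetime_hours(self):          # "live time" of the name in the capture
        return (self.last_seen - self.first_seen) / 3600

    @property
    def queries_per_client(self):      # one facet of the name's "query style"
        return self.queries / len(self.clients)

    @property
    def nx_ratio(self):
        return self.nxdomain / self.queries

def profile(log):
    """Aggregate per-name statistics from (ts, client, qname, rcode) records."""
    stats = {}
    for ts, client, qname, rcode in log:
        s = stats.get(qname)
        if s is None:
            s = stats[qname] = DomainStats(ts, ts)
        s.first_seen = min(s.first_seen, ts)
        s.last_seen = max(s.last_seen, ts)
        s.clients.add(client)
        s.queries += 1
        if rcode == "NXDOMAIN":
            s.nxdomain += 1
    return stats

def similar(a, b):
    """Assumed 'same lifetime and query style' test for two names."""
    jaccard = len(a.clients & b.clients) / len(a.clients | b.clients)
    return (jaccard >= CLIENT_OVERLAP_MIN
            and abs(a.lifetime_hours - b.lifetime_hours) <= LIFETIME_TOL_H
            and abs(a.queries_per_client - b.queries_per_client) <= QPC_TOL)

def group_suspicious(stats):
    """Greedily cluster short-lived names whose query style matches the group's first member."""
    suspicious = [d for d, s in stats.items() if s.lifetime_hours <= MAX_LIFETIME_H]
    groups = []
    for d in sorted(suspicious):
        for g in groups:
            if similar(stats[d], stats[g[0]]):
                g.append(d)
                break
        else:
            groups.append([d])
    return [g for g in groups if len(g) >= MIN_GROUP_SIZE]

def change_profile(group, stats, window=DAY):
    """Assumed change-distance proxy: Jaccard distance of the group's active-name sets
    between consecutive windows (change rate) and mean names per window (change scope)."""
    active = defaultdict(set)
    for d in group:
        s = stats[d]
        for w in range(s.first_seen // window, s.last_seen // window + 1):
            active[w].add(d)
    windows = [active[w] for w in sorted(active)]
    dists = [1 - len(a & b) / len(a | b) for a, b in zip(windows, windows[1:])]
    rate = sum(dists) / len(dists) if dists else 0.0
    scope = sum(len(w) for w in windows) / len(windows)
    return rate, scope

def detect(log):
    """Return one report per suspected DGA group found in the log."""
    stats = profile(log)
    reports = []
    for g in group_suspicious(stats):
        rate, scope = change_profile(g, stats)
        reports.append({
            "domains": sorted(g),
            "change_rate": rate,
            "change_scope": scope,
            "nx_ratio": sum(stats[d].nx_ratio for d in g) / len(g),
        })
    return reports

if __name__ == "__main__":
    for r in detect(SAMPLE_LOG):
        print(f"group of {len(r['domains'])} names, change rate {r['change_rate']:.2f}, "
              f"scope {r['change_scope']:.1f}/day, NXDOMAIN ratio {r['nx_ratio']:.2f}")
        print("  ", ", ".join(r["domains"]))
```

On this constructed log the long-lived, widely queried www.example.com is never a candidate, while the nine one-hour names queried by the same two clients fall into a single group whose active set is fully replaced every day (change rate 1.0) with three names per window (change scope 3). In real RDNS data the thresholds would need tuning against CDN and ad-tracking names, which are also short-lived but are spread across many unrelated clients.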