Abstract |
---|
Botnet command and control (C&C) behavior is becoming increasingly dynamic and fast-changing, so it is difficult for information security analysts to capture Botnet behavior in real time. In this work, we propose a Botnet C&C behavior tracing system (named C&C Tracer) for capturing Botnet C&C behavior. The C&C Tracer consists of three components: C&C active behavior feature extracting (CAFE), domain name status querying (DNSQ), and C&C status tracing analyzer (CSTA). In CAFE, Botnet URLs from different sources and in diverse representation formats are parsed to generate behavior features. Using the parsed URLs, DNSQ automatically queries the C&C domains against an online domain name resolution repository and extracts the domain name resolution results. Finally, CSTA takes into account the observed liveness and activity of each C&C and schedules the tracing strategies. The proposed system can not only incorporate different public blacklists of Botnet C&C, but also dynamically trace Botnet C&C behavior to expand the blacklist in time. The system has been fully implemented and operating in a real network environment since 2009. The C&C Tracer can reduce non-active C&C domain names by close to 80% with only a 0.69% false positive rate. We present real cases in which the C&C Tracer identified Botnet C&C servers to show the effectiveness of the proposed system. |
Year | DOI | Venue |
---|---|---|
2011 | 10.1109/ICSMC.2011.6083942 | SMC |
Keywords | Field | DocType |
---|---|---|
c&c active behavior feature extraction,command and control,feature generation,network security,botnet command and control,information security analyst,behavior tracing,c&c status tracing analyzer,computer network security,botnet,domain name status querying,domain name,feature extraction,databases,labeling,servers,data mining,real time systems | Data mining,Computer science,Botnet,Command and control,Blacklist,Server,Artificial intelligence,Tracing,Network security,Feature extraction,Parsing,Machine learning,Database | Conference |

ISSN | ISBN | Citations |
---|---|---|
1062-922X | 978-1-4577-0652-3 | 5 |

PageRank | References | Authors |
---|---|---|
0.60 | 4 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Meng-Han Tsai | 1 | 10 | 2.10 |
Kai-Chi Chang | 2 | 16 | 2.94 |
Chang-Cheng Lin | 3 | 5 | 0.60 |
Ching-Hao Mao | 4 | 268 | 17.32 |
Huey-Ming Lee | 5 | 247 | 49.38 |