Abstract |
---|
Botnet detection systems struggle with performance and privacy issues when analyzing data from large-scale networks. Deep packet inspection, reverse engineering, clustering and other time-consuming approaches are unfeasible for large-scale networks. Therefore, many researchers focus on fast and simple botnet detection methods that use as little information as possible to avoid privacy violations. We present a novel technique for detecting malware that uses Domain Generation Algorithms (DGAs); it can evaluate data from large-scale networks without reverse engineering a binary or performing Non-Existent Domain (NXDomain) inspection. We propose to use a statistical approach: model the ratio of DNS requests to visited IPs for every host in the local network and label deviations from this model as DGA-performing malware. We expect the malware to try to resolve many more domains during a small time interval without a corresponding number of newly visited IPs. For this we need only the NetFlow/IPFIX statistics collected from the network of interest, which almost any modern router can generate. We show that with this approach we are able to identify DGA-based malware with zero to very few false positives. Because of the simplicity of our approach, we can inspect data from very large networks at minimal computational cost. |
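The per-host ratio model from the abstract, as an added illustration that is not the paper's own code: flows are simplified to constructed (window, source host, destination IP, destination port) tuples, DNS requests are counted as flows to port 53, and the deviation test is a median/MAD threshold over each host's own earlier windows (the ratio definition, the threshold and the sample data are assumptions of this example).

```python
from collections import defaultdict
from statistics import median

DNS_PORT = 53


def make_flows():
    """Constructed NetFlow-like sample (not real data): host 10.0.0.5 behaves
    normally for four windows, then in window 4 bursts DNS lookups while
    contacting almost no new IPs, the pattern the abstract attributes to DGA
    malware. Host 10.0.0.7 stays normal throughout."""
    flows = []
    for host, windows in (("10.0.0.5", range(4)), ("10.0.0.7", range(5))):
        for w in windows:
            flows += [(w, host, "10.1.0.1", DNS_PORT)] * 5            # 5 lookups
            flows += [(w, host, f"203.0.113.{w * 10 + i}", 443) for i in range(5)]
    flows += [(4, "10.0.0.5", "10.1.0.1", DNS_PORT)] * 60                # burst
    flows += [(4, "10.0.0.5", f"198.51.100.{i}", 443) for i in range(3)]  # few IPs
    return flows


def host_window_stats(flows):
    """Return {(host, window): (dns_requests, distinct_ips_visited)}."""
    dns, ips = defaultdict(int), defaultdict(set)
    for w, host, dst_ip, dst_port in flows:
        key = (host, w)
        if dst_port == DNS_PORT:
            dns[key] += 1
        else:
            ips[key].add(dst_ip)
    return {key: (dns[key], len(ips[key])) for key in set(dns) | set(ips)}


def detect(flows, k=6.0, min_history=3, mad_floor=0.25):
    """Flag (host, window, ratio) where DNS-requests / visited-IPs deviates
    from the host's own history by more than k robust deviations (MAD)."""
    per_host = defaultdict(list)
    for (host, w), (dns_count, ip_count) in host_window_stats(flows).items():
        per_host[host].append((w, dns_count / max(ip_count, 1)))
    alerts = []
    for host, series in per_host.items():
        series.sort()  # chronological order of windows
        for idx, (w, ratio) in enumerate(series):
            history = [r for _, r in series[:idx]]
            if len(history) < min_history:
                continue  # not enough baseline yet for this host
            med = median(history)
            mad = max(median(abs(r - med) for r in history), mad_floor)
            if ratio > med + k * mad:
                alerts.append((host, w, round(ratio, 2)))
    return alerts
```

Only the burst window of 10.0.0.5 is reported; a host that resolves many names but also visits a matching number of new IPs keeps a stable ratio and is left alone.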
Year | DOI | Venue |
---|---|---|
2015 | 10.1109/INM.2015.7140486 | Integrated Network Management |
Keywords | Field | DocType |
IP networks,Internet,data privacy,invasive software,statistical analysis,DGA malware detection,IP network,NetFlow/IPFIX statistics,botnet detection system,data privacy,domain generation algorithm,statistical approach | Deep packet inspection,Botnet,NetFlow,Computer science,Reverse engineering,Computer network,Router,Cluster analysis,Malware,False positive paradox | Conference |
Citations | PageRank | References |
14 | 0.69 | 7 |
Authors |
---|
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Martin Grill | 1 | 101 | 10.79 |
Ivan Nikolaev | 2 | 15 | 1.06 |
Veronica Valeros | 3 | 14 | 0.69 |
Martin Rehak | 4 | 251 | 28.57 |