Abstract
This paper investigates the detection of botnet command and control (C&C) activity by monitoring Domain Name System (DNS) traffic. Detection signatures are generated automatically with an evolutionary computation technique based on Stateful-SBB (Symbiotic Bid-Based genetic programming). The evaluation shows that the proposed system can operate directly on raw, variable-length domain name strings with very high accuracy.
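The pipeline the abstract describes, as an added example that is not the paper's code: it parses constructed DNS query log lines, strips the public suffix to isolate the attacker-chosen label, and applies a hand-written scorer in place of the evolved Stateful-SBB signatures. The log format, the public-suffix subset, the feature set and the thresholds are assumptions made for illustration.

```python
"""Baseline scorer for DGA-style domain names in DNS query logs.

Added illustration: the paper's evolved Stateful-SBB signatures are replaced
by a hand-written scorer over three string features, so this block shows the
input pipeline (log line -> query name -> registrable label -> verdict), not
the paper's detector.
"""
import math
from collections import Counter

# Constructed sample log (not real traffic): timestamp, client, qname, qtype.
# The last line is deliberately truncated to exercise the malformed-line path.
SAMPLE_LOG = """\
2013-01-10T09:12:01 10.0.0.5 www.example.com A
2013-01-10T09:12:02 10.0.0.5 mail.google.com A
2013-01-10T09:12:03 10.0.0.7 xk3f9qz2mvb7ryt.com A
2013-01-10T09:12:04 10.0.0.7 qwpl0v8e1zjhtnf.net A
2013-01-10T09:12:05 10.0.0.9 bbc.co.uk A
2013-01-10T09:12:06 10.0.0.9 cdn.static-content.example.org A
2013-01-10T09:12:07 10.0.0.9
"""

# Hypothetical subset of the public suffix list; a real deployment loads the
# full list. The suffix is stripped before scoring because "com" or the "co"
# in bbc.co.uk is not the string the botnet chose.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk"}

VOWELS = set("aeiou")


def registrable_label(qname):
    """Label immediately left of the longest known public suffix.

    www.example.com -> example, bbc.co.uk -> bbc. Returns "" when the whole
    name is a suffix; falls back to the second-to-last label when no suffix
    in PUBLIC_SUFFIXES matches.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return labels[i - 1] if i > 0 else ""
    return labels[-2] if len(labels) >= 2 else labels[-1]


def shannon_entropy(s):
    """Bits per character over the string's own character distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def digit_ratio(s):
    """Fraction of characters that are decimal digits."""
    return sum(ch.isdigit() for ch in s) / len(s) if s else 0.0


def longest_consonant_run(s):
    """Length of the longest run of alphabetic non-vowel characters."""
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def score_label(label):
    """Hand-written stand-in for an evolved signature (assumed thresholds):
    high entropy plus either digits mixed into the label or a long
    consonant run."""
    ent = shannon_entropy(label)
    flagged = ent > 3.0 and (digit_ratio(label) > 0.1
                             or longest_consonant_run(label) >= 4)
    return {"label": label, "entropy": round(ent, 3), "flagged": flagged}


def parse_line(line):
    """Return the query name from a log line, or None if the line is malformed."""
    fields = line.split()
    return fields[2] if len(fields) >= 4 else None


def scan_log(text):
    """Score every well-formed query line; malformed lines are skipped."""
    results = []
    for line in text.splitlines():
        qname = parse_line(line)
        if qname is None:
            continue
        verdict = score_label(registrable_label(qname))
        verdict["qname"] = qname
        results.append(verdict)
    return results


def flagged_qnames(text):
    """Sorted query names whose registrable label was flagged."""
    return sorted(r["qname"] for r in scan_log(text) if r["flagged"])


if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        print(f"{r['qname']:32} label={r['label']:16} "
              f"H={r['entropy']:.3f} flagged={r['flagged']}")
```

Running the file prints one verdict per well-formed line; the two random-looking names are flagged and the legitimate ones are not. Scoring the raw query name without suffix stripping would score "co" for bbc.co.uk and would let long benign subdomains such as static-content drive the entropy, which is why the suffix step sits before the scorer.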
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Haddadi, F., Kayacik, H.G., Zincir-Heywood, A.N., Heywood, M.I. (2013). Malicious Automatically Generated Domain Name Detection Using Stateful-SBB. In: Esparcia-Alcázar, A.I. (eds) Applications of Evolutionary Computation. EvoApplications 2013. Lecture Notes in Computer Science, vol 7835. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37192-9_53
DOI: https://doi.org/10.1007/978-3-642-37192-9_53
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37191-2
Online ISBN: 978-3-642-37192-9