Title :
On Botnets That Use DNS for Command and Control
Author :
Dietrich, Christian J. ; Rossow, Christian ; Freiling, Felix C. ; Bos, Herbert ; van Steen, Maarten ; Pohlmann, Norbert
Author_Institution :
Department of Computer Science, Friedrich-Alexander University, Erlangen, Germany
Abstract :
We discovered and reverse engineered Feederbot, a botnet that uses DNS as a carrier for its command and control (C&C). Using k-means clustering and a Euclidean-distance-based classifier, we correctly classified more than 14 million DNS transactions from 42,143 malware samples with respect to DNS C&C usage, revealing another bot family that uses DNS for C&C. In addition, we correctly detected DNS C&C in mixed office workstation network traffic.
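The abstract names the two building blocks of the detection method, k-means clustering of DNS transactions and a Euclidean-distance classifier, but does not give the feature set. The following is an added illustration of that pipeline, not code from Dietrich et al.; the features (entropy and length of the leftmost query label, answer payload size, whether the record type is TXT), the min-max scaling, and the sample transactions are all assumptions chosen for the example and are not taken from the paper's dataset.

```python
"""Illustrative DNS C&C detection: feature extraction, k-means, nearest-centroid classifier.

Added example, not the authors' code. The feature set and the sample data below
are assumptions made for illustration; the paper's abstract does not state them.
"""
import math
from collections import Counter

# Constructed sample DNS transactions (hypothetical; not the paper's data).
# Each tuple: (query name, record type, size of the answer payload in bytes).
# The first four mimic ordinary lookups; the last four mimic encoded C&C
# queries with high-entropy labels and large TXT answers.
SAMPLE_TRANSACTIONS = [
    ("www.example.com", "A", 4),
    ("mail.example.com", "A", 4),
    ("update.example.net", "A", 4),
    ("cdn.example.org", "A", 4),
    ("k8s2m9x1qz7w4.cc-host.example", "TXT", 180),
    ("x9q2lm4pz8r1t7.cc-host.example", "TXT", 176),
    ("b7n3vq1xk5m9d2.cc-host.example", "TXT", 190),
    ("q4w8e2r6t1y5u9.cc-host.example", "TXT", 184),
]


def shannon_entropy(text):
    """Shannon entropy in bits per character (0.0 for empty input)."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def raw_features(tx):
    """Assumed feature vector for one DNS transaction."""
    name, rtype, size = tx
    label = name.split(".")[0]  # leftmost label is where encoded data tends to sit
    return [shannon_entropy(label), float(len(label)), float(size),
            1.0 if rtype == "TXT" else 0.0]


def minmax_scale(vectors):
    """Scale every feature to [0, 1] so Euclidean distance is not dominated by
    large-valued features such as answer size. Returns (scaled, (mins, ranges))."""
    dims = len(vectors[0])
    mins = [min(v[d] for v in vectors) for d in range(dims)]
    maxs = [max(v[d] for v in vectors) for d in range(dims)]
    ranges = [mx - mn if mx > mn else 1.0 for mn, mx in zip(mins, maxs)]
    scaled = [[(v[d] - mins[d]) / ranges[d] for d in range(dims)] for v in vectors]
    return scaled, (mins, ranges)


def apply_scale(vector, params):
    mins, ranges = params
    return [(x - mn) / r for x, mn, r in zip(vector, mins, ranges)]


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k, iterations=100):
    """Lloyd's k-means with deterministic farthest-point initialisation."""
    centroids = [points[0]]
    while len(centroids) < k:
        far = max(points, key=lambda p: min(euclidean(p, c) for c in centroids))
        centroids.append(far)
    for _ in range(iterations):
        labels = [min(range(k), key=lambda i: euclidean(p, centroids[i])) for p in points]
        new_centroids = []
        for i in range(k):
            members = [p for p, lab in zip(points, labels) if lab == i]
            if not members:  # keep the old centroid if a cluster empties out
                new_centroids.append(centroids[i])
                continue
            new_centroids.append([sum(col) / len(members) for col in zip(*members)])
        if new_centroids == centroids:
            break
        centroids = new_centroids
    labels = [min(range(k), key=lambda i: euclidean(p, centroids[i])) for p in points]
    return centroids, labels


def nearest_centroid(point, centroids):
    """Euclidean-distance classifier: index of the closest centroid."""
    return min(range(len(centroids)), key=lambda i: euclidean(point, centroids[i]))


def build_model(transactions, k=2):
    """Cluster the training transactions and keep the scaling parameters."""
    scaled, params = minmax_scale([raw_features(t) for t in transactions])
    centroids, labels = kmeans(scaled, k)
    return {"centroids": centroids, "scale": params, "labels": labels}


def classify(model, tx):
    """Assign an unseen transaction to the nearest learned cluster."""
    return nearest_centroid(apply_scale(raw_features(tx), model["scale"]), model["centroids"])


if __name__ == "__main__":
    m = build_model(SAMPLE_TRANSACTIONS)
    for tx, lab in zip(SAMPLE_TRANSACTIONS, m["labels"]):
        print(lab, tx[0])
    print(classify(m, ("z3x7c1v9b5n2m8.cc-host.example", "TXT", 182)))
```

The cluster index is arbitrary, so a deployment labels clusters after the fact (for example by which cluster the known Feederbot samples fall into) and then uses the centroid classifier on live traffic. Label entropy alone is a weak signal, since CDN hostnames and DNSBL lookups also produce high-entropy labels, so a real feature set needs per-host aggregates such as query rate and answer-size distribution rather than single transactions.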
Keywords :
computer network security; invasive software; pattern classification; pattern clustering; DNS transactions; DNS C&C usage; Euclidean-distance-based classifier; botnets; Feederbot; k-means clustering; mixed office workstation network traffic; command and control systems; cryptography; entropy; feature extraction; malware; protocols; servers; botnet detection; command and control; DNS; malware detection
Conference_Title :
2011 Seventh European Conference on Computer Network Defense (EC2ND)
Conference_Location :
Gothenburg
Print_ISBN :
978-1-4673-2116-7
DOI :
10.1109/EC2ND.2011.16