Title :
Botnet detection based on DNS records and active probing
Author :
Prieto, Iria ; Magana, Eduardo ; Morato, Daniel ; Izal, Mikel
Author_Institution :
Public University of Navarre, Campus Arrosadia, 31006 Pamplona, Spain
Abstract :
Computers connected to the Internet are constantly threatened by different types of malware. Among the most important are botnets, which convert infected computers into agents that follow actions instructed by a command-and-control server. A botmaster can control thousands of agents. This means a significant capacity to accomplish any kind of network attack (DoS), email spam or phishing. In this paper, communication peculiarities with the command-and-control server are used to identify computers infected by a botnet. This identification is based mainly on DNS records of registered domains where command-and-control servers are hosted. Therefore, processing overhead is reduced by avoiding per-packet or per-flow network supervision.
Keywords :
Correlation; Electronic mail; Measurement; Microcomputers; Ports (Computers); Proposals; Protocols; Botnet; Command and control; DNS record; Domain name; WHOIS;
Conference_Title :
Security and Cryptography (SECRYPT), 2011 Proceedings of the International Conference on
Conference_Location :
Seville, Spain