Abstract
A botnet is a network of private computers infected with malicious software and controlled as a group without the knowledge of the owners. Botnets are used by cybercriminals for various malicious activities, such as stealing sensitive data, sending spam, launching Distributed Denial of Service (DDoS) attacks, etc. A Command and Control (C&C) server sends commands to the compromised hosts to execute those malicious activities. In order to avoid detection, recent botnets such as Conficker, Zeus, and Cryptolocker apply a technique called Domain-Fluxing or Domain Name Generation Algorithms (DGA), in which the infected bot periodically generates and tries to resolve a large number of pseudorandom domain names until one of them is resolved by the DNS server. In this paper, we survey different machine learning methods for detecting such DGAs by analyzing only the alphanumeric characteristics of the domain names in the network. We also propose unsupervised models and evaluate their performance while comparing them with existing supervised models used in previous researches in this field. The proposed unsupervised methods achieve better results than the compared supervised techniques, while detecting zero-day DGAs.
| Original language | English |
|---|---|
| Title of host publication | Intelligent Systems, Control and Automation |
| Subtitle of host publication | Science and Engineering |
| Publisher | Springer Netherlands |
| Pages | 133-161 |
| Number of pages | 29 |
| DOIs | |
| State | Published - 2018 |
| Externally published | Yes |
Publication series
| Name | Intelligent Systems, Control and Automation: Science and Engineering |
|---|---|
| Volume | 93 |
| ISSN (Print) | 2213-8986 |
| ISSN (Electronic) | 2213-8994 |
Bibliographical note
Publisher Copyright:© 2018, Springer International Publishing AG, part of Springer Nature.