• español
    • English
  • Login
  • English 
    • español
    • English
  • Publication Types
    • bookbook partconference objectdoctoral thesisjournal articlemagazinemaster thesispatenttechnical documentationtechnical report
View Item 
  •   IMDEA Networks Home
  • View Item
  •   IMDEA Networks Home
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Detecting algorithmically generated malicious domain names

Share
Files
Detecting_Algorithmically_Generated_Malicious_Domain_Names_-_2010_EN.pdf (278.1Kb)
Identifiers
URI: http://hdl.handle.net/20.500.12761/1263
Metadata
Show full item record
Author(s)
Yadav, Sandeep; Kumar Reddy, Ashwath; Narasimha Reddy, A.L.; Ranjan, Supranamaya
Date
2010-11-01
Abstract
Recent Botnets such as Conficker, Kraken and Torpig have used DNS based “domain fluxing” for command-and-control, where each Bot queries for existence of a series of domain names and the owner has to register only one such domain name. In this paper, we develop a methodology to detect such “domain fluxes” in DNS traffic by looking for patterns inherent to domain names that are generated algorithmically, in contrast to those generated by humans. In particular, we look at distribution of alphanumeric characters as well as bigrams in all domains that are mapped to the same set of IP-addresses. We present and compare the performance of several distance metrics, including KL-distance, Edit distance and Jaccard measure. We train by using a good data set of domains obtained via a crawl of domains mapped to all IPv4 address space and modeling bad data sets based on behaviors seen so far and expected. We also apply our methodology to packet traces collected at a Tier-1 ISP and show we can automatically detect domain fluxing as used by Conficker botnet with minimal false positives
Subject
Q Science::Q Science (General)
Q Science::QA Mathematics::QA75 Electronic computers. Computer science
T Technology::T Technology (General)
T Technology::TA Engineering (General). Civil engineering (General)
T Technology::TK Electrical engineering. Electronics Nuclear engineering
Share
Files
Detecting_Algorithmically_Generated_Malicious_Domain_Names_-_2010_EN.pdf (278.1Kb)
Identifiers
URI: http://hdl.handle.net/20.500.12761/1263
Metadata
Show full item record

Browse

All of IMDEA NetworksBy Issue DateAuthorsTitlesKeywordsTypes of content

My Account

Login

Statistics

View Usage Statistics

Dissemination

emailContact person Directory wifi Eduroam rss_feed News
IMDEA initiative About IMDEA Networks Organizational structure Annual reports Transparency
Follow us in:
Community of Madrid

EUROPEAN UNION

European Social Fund

EUROPEAN UNION

European Regional Development Fund

EUROPEAN UNION

European Structural and Investment Fund

© 2021 IMDEA Networks. | Accesibility declaration | Privacy Policy | Disclaimer | Cookie policy - We value your privacy: this site uses no cookies!