Title: DGA-based Botnet Detection Using Bigram Analysis of Domain Names
Speaker: National Cheng Kung University, 王子夏
Date: 2015/10/21    Length: 00:17:28    Views: 347
Abstract
Session F2: Information and Communication Security and Personal Data Protection Management

Paper authors: Ho-Chuan Hoh, Tzy-Shiah Wang, Hui-Tang Lin

Botnets are one of the major current threats to network security. A botnet is able to launch attacks such as information stealing, phishing sites, spam mail and distributed denial of service (DDoS). Some botnets, called Domain Generation Algorithm (DGA) botnets, apply a domain generation algorithm to avoid being detected by traditional blacklist-based detection schemes. Using a domain generation algorithm, a huge list of candidate command and control (C&C) server domains is generated periodically. A bot then attempts to reach the C&C server by querying DNS for the domains on the list one by one until it connects to an existing C&C server. As a result, DGA botnets are very elusive and difficult to detect with traditional defensive systems, and thus have high survivability. To address this issue, this paper proposes a DGA-based botnet detection system based on the analysis of the distribution of alphanumeric characters in DNS traffic. The system consists of three group detection algorithms to capture the botnet groups. Our experiments show that our system achieves very high performance. During our experiments, we captured one known DGA-based botnet and one new DGA-based botnet in our monitoring network environment. This shows that the proposed scheme is able to accurately and effectively detect and analyze DGA-based botnets.
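As an added example (not code from the paper or the talk), the following Python sketch shows the bigram idea behind the abstract: a bigram profile is learned from benign domain labels, each queried label is scored by its mean bigram log-probability, and labels scoring clearly below every benign training label are reported as DGA candidates. The label lists, the add-one smoothing and the 0.5 margin are constructed assumptions for illustration, not the paper's data or parameters.

```python
import math
from collections import Counter

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"  # alphanumeric labels only

# Constructed benign second-level labels standing in for a real whitelist.
BENIGN_LABELS = [
    "google", "facebook", "youtube", "wikipedia", "amazon", "twitter",
    "microsoft", "linkedin", "netflix", "github", "apple", "yahoo", "reddit",
]


def bigrams(label):
    """Adjacent character pairs of one label, e.g. 'abc' -> ['ab', 'bc']."""
    label = label.lower()
    return [label[i:i + 2] for i in range(len(label) - 1)]


class BigramProfile:
    """Add-one smoothed bigram distribution learned from benign labels."""

    def __init__(self, labels):
        self.counts = Counter()
        for label in labels:
            self.counts.update(bigrams(label))
        self.total = sum(self.counts.values())
        self.denominator = self.total + len(ALPHABET) ** 2  # smoothing mass
        # Lowest score any benign training label receives; used as the baseline.
        self.benign_floor = min(self.score(label) for label in labels)

    def score(self, label):
        """Mean log-probability per bigram; unseen bigrams pull it toward log(1/D)."""
        bg = bigrams(label)
        if not bg:
            return float("-inf")
        return sum(math.log((self.counts[b] + 1) / self.denominator) for b in bg) / len(bg)

    def flag_dga_candidates(self, labels, margin=0.5):
        """Labels scoring below every benign label by more than the assumed margin."""
        threshold = self.benign_floor - margin
        return sorted(label for label in labels if self.score(label) < threshold)


# Constructed DNS query stream: benign names plus DGA-like random labels.
OBSERVED_LABELS = ["twitch", "xq7zkv9pw2", "bqm3hvz8ytk", "apple"]

if __name__ == "__main__":
    profile = BigramProfile(BENIGN_LABELS)
    for label in OBSERVED_LABELS:
        print(f"{label:14s} score={profile.score(label):.3f}")
    print("DGA candidates:", profile.flag_dga_candidates(OBSERVED_LABELS))
```

Grouping the flagged labels by the resolver or client that queried them is where the paper's group detection step would take over.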
Provided by: TANET (Taiwan Academic Network Conference) - TANET2015