Title | Detecting Malicious Fast-Flux Domains Using Feature-based Classification Techniques |
---|---|
Parallel title | Detecting Malicious Fast-Flux Domains Using Feature-based Classification Techniques |
Authors | Dinh-Tu Truong, Dac-Tot Tran, Bao Huynh |
Abstract (English) | In recent years, new-generation botnets have tended to use an evasion technique based on the Domain Name System (DNS), called the Fast-Flux Service Network (FFSN), to hide the actual location of their malicious servers. Detection of FFSNs continues to be a challenging issue because of the similar behavior of FFSNs and legitimate infrastructures such as Content Delivery Networks (CDNs) and Round Robin Domain Name System (RRDNS). In this paper, we present a novel approach based on analyzing passive DNS traffic traces to detect malicious FFSNs. By analyzing DNS traces, we extracted ten key features and applied popular machine learning algorithms to build classifiers that classify a domain as either a malicious flux service or legitimate. Seven of the ten features are introduced for the first time in this study. The effectiveness of the selected features is illustrated by comparing the distributions of the 95% confidence intervals for the mean and the standard errors among legitimate, malware and fast-flux domain names for each feature. The statistical results show that there are discernible biases in the distribution of the feature values between benign and malicious domain names. The experimental results show that our proposed approach achieves higher detection accuracy and a lower false positive rate than previous methods. |
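Pages | 1061-1072 |
Keywords | Domain-flux, DGA-based botnet, Malicious domains, Botnet detection |
Journal | Journal of Internet Technology (網際網路技術學刊) |
Issue | 202007 (Vol. 21, No. 4) |
Publisher | Taiwan Academic Network Management Committee (台灣學術網路管理委員會) |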