
Basic article information

  • Title: DGA-based botnets detection using DNS traffic mining
  • Authors: Ahmed M. Manasrah; Thair Khdour; Raeda Freehat
  • Journal: Journal of King Saud University - Computer and Information Sciences
  • Print ISSN: 1319-1578
  • Publication year: 2022
  • Volume: 34
  • Issue: 5
  • Pages: 2045-2061
  • Language: English
  • Publisher: Elsevier
  • Abstract: A botnet is a network of infected workstations that are remotely managed by a BotMaster via the command and control (C&C) server. Botnets pose a serious threat to network security since they are the source of a variety of malicious behaviors such as information theft, phishing, and Distributed Denial of Service (DDoS) assaults. Using a Domain Generation Algorithm (DGA) to produce a vast set of domain names is one of the most prevalent ways of hiding the identity of the C&C server. As a result, existing defensive methods have a limited chance of detecting and defeating such infrastructure. In this study, a system is suggested that employs machine learning techniques to categorize domain names into malicious or legitimate domain names. The suggested method is based on assessing the linguistic qualities of domain names requested from various hosts. Fifteen associated linguistic features were collected from the domain wordings to determine the degree of randomization, rarity, typing difficulty, and other related factors. The proposed system is tested with DNS requests gathered from various sources and seven distinct DGA botnet families. The findings reveal that the suggested technique can detect DGA domains with a 99.1% and a 0.6% false-positive rate.