A Study on Botnets Utilizing DNS

Botnets represent a major and formidable threat in modern computing, and security researchers are engaged in a constant and escalating battle with the writers of such malware to detect and mitigate it. Current advanced malware behaviors include encryption of communications between the botmaster and the bot machines, as well as various strategies for resilience and obfuscation. These techniques have taken full advantage of the infrastructure in place to support the increased connectivity between computers around the world. This includes updates and upgrades to DNS that have been leveraged to meet its increased utilization. In this paper, we analyze the current uses of DNS by botnet malware writers and operators and examine possible clues that network administrators and savvy computer users can utilize to identify and/or mitigate the threat.
