DNS-based anti-evasion technique for botnets detection

A new DNS-based anti-evasion technique for botnet detection is proposed. It is based on cluster analysis of features extracted from the payload of DNS messages. The method uses semi-supervised fuzzy c-means clustering, in which a small set of analyst-labelled hosts guides the partitioning of the unlabelled majority. Use of the developed method makes it possible to detect, with high efficiency, botnets that employ DNS-based evasion techniques.
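The abstract names the clustering method but not the feature set, the number of labelled points or the supervision weight. The following added example, which is not code from the paper or its authors, shows how the semi-supervised fuzzy c-means step could be run as a detector: it implements the partial-supervision objective of Pedrycz and Waletzky (fuzzifier m = 2, supervision weight alpha), feeds it constructed per-host statistics of the kind a sensor could derive from DNS payloads (query-name length, label entropy, NXDOMAIN share, TXT share), labels only two hosts, and reads off each host's membership in the bot cluster. The host names, feature choice, values and alpha are all assumptions made for the example.

```python
import math


# Constructed per-host feature vectors, standing in for statistics a sensor
# would compute from DNS message payloads (values are invented for this
# example, not data from the paper):
#   [mean query-name length, mean Shannon entropy of the leftmost label,
#    share of NXDOMAIN responses, share of TXT-type queries]
HOSTS = {
    "ws-01": [14.0, 2.6, 0.01, 0.00],
    "ws-02": [16.0, 2.8, 0.02, 0.01],
    "ws-03": [13.0, 2.5, 0.00, 0.00],
    "ws-04": [15.0, 2.7, 0.03, 0.02],
    "ws-05": [42.0, 4.3, 0.55, 0.30],  # long high-entropy names, many NXDOMAINs, TXT-heavy
    "ws-06": [39.0, 4.1, 0.48, 0.25],
    "ws-07": [45.0, 4.4, 0.60, 0.35],
}

# Partial supervision: analyst-confirmed labels for two hosts only
# (cluster 0 = benign, cluster 1 = bot). Every other host is unlabelled.
LABELS = {"ws-01": 0, "ws-05": 1}


def minmax_scale(rows):
    """Scale each feature to [0, 1] so query length does not dominate the distance."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi)]
            for r in rows]


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def ssfcm(X, F, B, c, alpha=1.0, iters=200, tol=1e-6):
    """Semi-supervised fuzzy c-means with partial supervision (Pedrycz-Waletzky
    objective, fuzzifier m = 2).
    X: feature vectors; F[k]: one-hot label vector of length c for point k
    (all zeros if unlabelled); B[k]: 1 if point k is labelled, else 0;
    alpha: weight of the supervision term. Returns (memberships U, centres V)."""
    n, dim = len(X), len(X[0])
    eps = 1e-12
    # Start from the labels where we have them, and a uniform split elsewhere.
    U = [list(F[k]) if B[k] else [1.0 / c] * c for k in range(n)]
    for _ in range(iters):
        # Centre update: weight of point k for centre i is u^2 + alpha*(u - f*b)^2,
        # obtained by setting the derivative of the objective w.r.t. the centre to zero.
        V = []
        for i in range(c):
            w = [U[k][i] ** 2 + alpha * (U[k][i] - F[k][i] * B[k]) ** 2 for k in range(n)]
            tot = sum(w) or eps
            V.append([sum(w[k] * X[k][j] for k in range(n)) / tot for j in range(dim)])
        # Membership update: unlabelled points reduce to plain FCM memberships;
        # labelled points are pulled toward their label vector with strength alpha.
        new_U = []
        for k in range(n):
            d = [max(sq_dist(X[k], V[i]), eps) for i in range(c)]  # squared distances
            inv_sum = sum(1.0 / dj for dj in d)
            fsum = B[k] * sum(F[k])
            new_U.append([((1.0 + alpha * (1.0 - fsum)) / (d[i] * inv_sum)
                           + alpha * F[k][i] * B[k]) / (1.0 + alpha)
                          for i in range(c)])
        delta = max(abs(new_U[k][i] - U[k][i]) for k in range(n) for i in range(c))
        U = new_U
        if delta < tol:
            break
    return U, V


def detect_bots(hosts, labels, alpha=1.0):
    """Return each host's membership in the bot cluster (cluster 1), rounded to 4 places."""
    names = list(hosts)
    X = minmax_scale([hosts[h] for h in names])
    F = [[1.0 if labels.get(h) == i else 0.0 for i in range(2)] for h in names]
    B = [1 if h in labels else 0 for h in names]
    U, _ = ssfcm(X, F, B, c=2, alpha=alpha)
    return {h: round(U[k][1], 4) for k, h in enumerate(names)}


if __name__ == "__main__":
    for host, u_bot in detect_bots(HOSTS, LABELS).items():
        flag = "BOT" if u_bot > 0.5 else "benign"
        print(f"{host}: bot-membership={u_bot:.3f} -> {flag}")
```

The two labelled hosts anchor which cluster means "bot", so the output is interpretable without a post-hoc mapping of cluster ids; raising `alpha` makes the labelled points dominate the centres, lowering it lets the unlabelled mass decide. In an operational pipeline the 0.5 cut-off would be tuned against the false-positive budget, and the fuzzy membership itself is the useful signal for hosts that sit between the clusters.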
