Recognizing Time-Efficiently Local Botnet Infections - A Case Study

Heuer, Tanja; Schiering, Ina; Klawnn, Frank; Gabel, Alexander; Seeger, M.A.

doi:10.1109/ares.2016.16

Cited by 3 publications

(2 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All things considered, Bilbo is the most reliable and competent model out there. Tanja et.al (Heuer et al, 2016) examined the use of machine learning on a small but reliable feature set to quickly and efficiently monitor and analyze DNS traffic passively. A regional ISP's entire DNS data stream is used for the evaluation and possible for medium-sized regional service providers to use typical DNS traffic to train classifiers and to implement systems based on the methodology presented here as an alternative to cloud services within the network of organizations.…”

Section: Related Workmentioning

confidence: 99%

Enhanced DGA Detection in BotNet Traffic: Leveraging N-Gram, Topic Modeling and Attention BiLSTM

2024

Preprint

View full text Add to dashboard Cite

This abstract introduces a novel approach for detecting Domain Generation Algorithm (DGA) in BotNet traffic through the integration of N-Gram analysis, Topic Modeling, and Attention-based Bidirectional Long Short-Term Memory (BiLSTM) networks. The escalating sophistication of cyber threats necessitates advanced methods to identify malicious activities, particularly those involving DGAs in BotNet communication. The proposed model begins with N-Gram analysis, capturing sequential patterns in domain names, thereby enhancing the detection of algorithmically generated domains. Topic Modeling is employed to extract latent themes within the network traffic data, providing a deeper understanding of the semantic context associated with potentially malicious domains. To harness the contextual nuances, an Attention mechanism is integrated into a BiLSTM network, allowing the model to selectively focus on critical segments of the input data. This attention-driven BiLSTM network proves effective in capturing long-range dependencies and intricate temporal dynamics inherent in BotNet communication. Experimental evaluations on diverse datasets demonstrate the efficacy of the proposed approach in outperforming existing methods, showcasing its ability to adapt to evolving adversarial strategies. The fusion of N-Gram, Topic Modeling, and Attention BiLSTM offers a comprehensive solution for DGA detection, providing a robust defense against sophisticated cyber threats in the continually evolving landscape of network security. This research contributes to advancing the field of intrusion detection and cyber threat mitigation by presenting a holistic and adaptive approach tailored to the challenges posed by modern BotNet traffic.

show abstract

Section: Related Workmentioning

confidence: 99%

Enhanced DGA Detection in BotNet Traffic: Leveraging N-Gram, Topic Modeling and Attention BiLSTM

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…Provided with the general trend of this mechanism, recent works have focused on the analysis of DNS traffic to identify botnets relying on their DGAs. Various technologies have since been designed to detect DGA domains in DNS traffic, containing analyzing algorithmic models of domains, reverse-engineering malware instances [30,31], grouped into non-existent domains in DNS lookups [32,33], behavioral models [34,35], Social Network Analysis [36], power spectral density (PSD) analysis [37], and directly capturing C and C traffic [38,39]. However, influencing detected DGA domains to create a practical fix to botnet threats in large-scale networks is currently restricted.…”

Section: Dga-based Botnet Detectionmentioning

confidence: 99%

Botnet Detection Technology Based on DNS

Wang

Zhang

2017

Future Internet

View full text Add to dashboard Cite

With the help of botnets, intruders can implement a remote control on infected machines and perform various malicious actions. Domain Name System (DNS) is very famous for botnets to locate command and control (C and C) servers, which enormously strengthens a botnet's survivability to evade detection. This paper focuses on evasion and detection techniques of DNS-based botnets and gives a review of this field for a general summary of all these contributions. Some important topics, including technological background, evasion and detection, and alleviation of botnets, are discussed. We also point out the future research direction of detecting and mitigating DNS-based botnets. To the best of our knowledge, this topic gives a specialized and systematic study of the DNS-based botnet evading and detecting techniques in a new era and is useful for researchers in related fields.

show abstract

A Survey of Malware Risk Detection Techniques in Cloud

et.al¹

2021

TURCOMAT

View full text Add to dashboard Cite

This article aims to contribute in securing information technology (IT) systems and processes for information security by utilizing malware risk detection for decision-making processes to mitigate cyber-attacks. It has potential to be a real threat to the businesses and industrial applications. The risk management is an essential component where it can present a new information security model for supporting decision making. The current ideologies such as the anti-virus, malware and firewalls detection and protection are proving to be ineffective as they were not specifically designed for multi-tenant cloud environments. Therefore, this article presents a survey of malware risk detection techniques in cloud. The survey was conducted on publications from Scopus from the last 5 years. The findings indicate the current malware detection techniques are not enough to effectively detect and protect the cloud environments.

show abstract

Recognizing Time-Efficiently Local Botnet Infections - A Case Study

Cited by 3 publications

References 21 publications

Enhanced DGA Detection in BotNet Traffic: Leveraging N-Gram, Topic Modeling and Attention BiLSTM

Enhanced DGA Detection in BotNet Traffic: Leveraging N-Gram, Topic Modeling and Attention BiLSTM

Botnet Detection Technology Based on DNS

A Survey of Malware Risk Detection Techniques in Cloud

Contact Info

Product

Resources

About