Autonomous Detection of Botnets Using Passive DNS


1 Background
A botnet is a collection of compromised hosts (bots) under the control of a common Command & Control (C&C). The C&C is used by a remote controller to issue commands to the infected hosts. A botnet may serve several purposes; the most common include Denial-of-Service (DoS) attacks, identity theft, proxying, spreading of malware and spamming. Traditional ways to disrupt such networks, such as Domain Name System Blacklists (DNSBLs) or firewalls, rely on knowing the Internet address of the C&C.
The Domain Name System (DNS) is of paramount importance to the operation of the Internet. It is responsible for translating human-friendly hostnames into IP addresses. Botmasters make use of domain names to manage their distributed network of bots. Furthermore, they take advantage of DNS agility (the ability to quickly change the IP address associated with a domain name) to hide their C&C and frustrate its detection. Such techniques include Domain Generation Algorithms (DGA) [1] and Fast-Flux [4].
2 Research Questions
As mentioned above, attackers have been able to evade the deployed detection and prevention mechanisms by continuously updating the IP address of their C&C. This makes the disruption of the botnet more difficult. In addition, techniques like Fast-Flux or DGA take advantage of the fact that DNS services do not keep a history of DNS answers: DNS data only contains the current value of each domain name, which makes the identification of the botnet C&C even more difficult [5].
Passive DNS [6] helps in this case: every DNS answer that passes through a deployed sensor is stored in a database that can later be queried. Moreover, Passive DNS allows one to correlate DNS data over time, making it possible to analyze the migration pattern of the botnet, ...
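To make the two ideas above concrete, the DNS agility that Fast-Flux and DGA rely on and the time-correlated view that Passive DNS restores, here is an added example (not code from the paper or from any Passive DNS product) of a minimal passive DNS store in Python. It ingests sensor answers into first-seen/last-seen/count records, supports the two classic pivots (name to history, IP to names) and computes an agility score: the largest number of distinct A records a name showed inside any 24-hour window. The answer records, the names under `.example` and the addresses from documentation ranges are all constructed sample data; the threshold of three distinct addresses per day is an assumption chosen for the sample, not a value from the paper.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample sensor output: (timestamp, rrname, rrtype, rdata).
# "static.example" keeps one address; "agile.example" churns through four
# addresses in little more than a day, the pattern a Fast-Flux name shows.
SAMPLE_ANSWERS = [
    ("2024-01-01T00:00:00", "static.example", "A", "198.51.100.10"),
    ("2024-01-02T00:00:00", "static.example", "A", "198.51.100.10"),
    ("2024-01-03T00:00:00", "static.example", "A", "198.51.100.10"),
    ("2024-01-01T00:00:00", "agile.example", "A", "203.0.113.5"),
    ("2024-01-01T06:00:00", "agile.example", "A", "203.0.113.77"),
    ("2024-01-01T12:00:00", "agile.example", "A", "192.0.2.44"),
    ("2024-01-02T00:00:00", "agile.example", "A", "203.0.113.5"),
    ("2024-01-02T03:00:00", "agile.example", "A", "192.0.2.201"),
    ("2024-01-02T09:00:00", "other.example", "A", "192.0.2.44"),
]


class PassiveDNS:
    """Aggregates observed DNS answers the way a passive DNS database does:
    one row per (rrname, rrtype, rdata) with first_seen, last_seen and count,
    plus the raw A-record observations needed for time-window queries."""

    def __init__(self) -> None:
        self.records: Dict[Tuple[str, str, str], dict] = {}
        self.observations: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)

    @staticmethod
    def _norm(name: str) -> str:
        # DNS names are case-insensitive; strip the trailing root dot too.
        return name.lower().rstrip(".")

    def ingest(self, ts: str, rrname: str, rrtype: str, rdata: str) -> None:
        when = datetime.fromisoformat(ts)
        name = self._norm(rrname)
        key = (name, rrtype, rdata)
        rec = self.records.get(key)
        if rec is None:
            self.records[key] = {"first_seen": when, "last_seen": when, "count": 1}
        else:
            rec["first_seen"] = min(rec["first_seen"], when)
            rec["last_seen"] = max(rec["last_seen"], when)
            rec["count"] += 1
        if rrtype == "A":
            self.observations[name].append((when, rdata))

    def history(self, rrname: str) -> List[Tuple[str, str, str, int]]:
        """Every rdata ever seen for a name, ordered by first observation:
        the history that live DNS alone cannot give."""
        name = self._norm(rrname)
        rows = [(rdata, rec["first_seen"], rec["last_seen"], rec["count"])
                for (n, _rrtype, rdata), rec in self.records.items() if n == name]
        rows.sort(key=lambda r: r[1])
        return [(rdata, f.isoformat(), l.isoformat(), c) for rdata, f, l, c in rows]

    def rdata_lookup(self, rdata: str) -> List[str]:
        """Pivot from an address to every name that resolved to it."""
        return sorted({n for (n, _rrtype, r) in self.records if r == rdata})

    def agility_score(self, rrname: str, window_hours: float) -> int:
        """Largest number of distinct A records seen for the name inside any
        window of window_hours starting at an observation."""
        window = timedelta(hours=window_hours)
        obs = sorted(self.observations.get(self._norm(rrname), []))
        best = 0
        for i, (start, _rdata) in enumerate(obs):
            distinct = {r for t, r in obs[i:] if t - start <= window}
            best = max(best, len(distinct))
        return best

    def flag_agile(self, window_hours: float, threshold: int) -> List[str]:
        """Names whose address churn reaches the (assumed) threshold."""
        return sorted(n for n in self.observations
                      if self.agility_score(n, window_hours) >= threshold)


def build_sample_store() -> PassiveDNS:
    store = PassiveDNS()
    for row in SAMPLE_ANSWERS:
        store.ingest(*row)
    return store


if __name__ == "__main__":
    store = build_sample_store()
    for row in store.history("agile.example"):
        print(row)
    print(store.rdata_lookup("192.0.2.44"))
    print(store.flag_agile(window_hours=24, threshold=3))
```

The IP-to-names pivot is what turns a single known C&C address into the whole set of names a botmaster has pointed at it, and the agility score is a first, deliberately simple feature; a real system would combine it with TTL values, the diversity of the autonomous systems behind the addresses and the age of the domain before flagging anything.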

... middle of paper ...

...Berkeley, CA, USA, 2012. USENIX Association.
[2] M. Bailey, E. Cooke, F. Jahanian, Yunjing Xu, and M. Karir. A survey of botnet technology and defenses. In Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology, pages 299–304, 2009.
[3] Maryam Feily, Alireza Shahrestani, and Sureswaran Ramadass. A survey of botnet and botnet detection. In Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies, SECURWARE '09, pages 268–273. IEEE Computer Society, 2009.
[4] D.K. McGrath, A. Kalafut, and M. Gupta. Phishing infrastructure fluxes all the way. Security & Privacy, IEEE, 7(5):21–28, 2009.
[5] C. Schiller and J.R. Binkley. Botnets: The Killer Web Applications. Elsevier Science, 2011.
[6] Florian Weimer. Passive DNS replication. In FIRST Conference on Computer Security Incident, 2005.
