Botnet detection by monitoring group activities in DNS traffic

Hyunsang Choi, Hanwoo Lee, Heejo Lee, Hyogon Kim

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

178 Citations (Scopus)

Abstract

Recent malicious attempts are intended to gain financial benefit through a large pool of compromised hosts, which are called software robots or simply "bots." A group of bots, referred to as a botnet, is remotely controllable by a server and can be used for sending spam mail, stealing personal information, and launching DDoS attacks. The growing popularity of botnets compels us to find proper countermeasures, but existing defense mechanisms hardly keep up with the speed of botnet technologies. In this paper, we propose a botnet detection mechanism that monitors DNS traffic to detect botnets, which form a group activity in DNS queries simultaneously sent by distributed bots. A few works have been proposed based on particular DNS information generated by a botnet, but they are easily evaded by changing the bot programs. Our anomaly-based botnet detection mechanism is more robust than the previous approaches, so that variants of bots remain detectable by looking at their group activities in DNS traffic. Experiments on a campus network show that the proposed mechanism can detect botnets effectively while bots are connecting to their server or migrating to another server.
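As an added illustration of the idea in the abstract (this is not the paper's code), the following Python groups DNS queries by time window and queried name, flags names that many distinct clients resolve nearly simultaneously (a group activity), and then pairs group activities on different names whose member sets overlap strongly, which is what a bot group migrating to a new server looks like. The query log, the window size and both thresholds are constructed assumptions, not values from the paper.

```python
from collections import defaultdict

# Constructed sample DNS query log: (unix seconds, client IP, queried name).
# Four hosts resolve the same name within a few seconds (group activity),
# then later the same four hosts resolve a second name (server migration).
# Two unrelated hosts produce background noise.
SAMPLE_QUERIES = [
    (1000, "10.0.0.11", "c2-a.example.test"),
    (1001, "10.0.0.12", "c2-a.example.test"),
    (1002, "10.0.0.13", "c2-a.example.test"),
    (1003, "10.0.0.14", "c2-a.example.test"),
    (1004, "10.0.0.50", "www.example.test"),
    (1100, "10.0.0.51", "mail.example.test"),
    (1200, "10.0.0.11", "c2-b.example.test"),
    (1200, "10.0.0.12", "c2-b.example.test"),
    (1203, "10.0.0.13", "c2-b.example.test"),
    (1205, "10.0.0.14", "c2-b.example.test"),
]

def group_activities(queries, window=10, min_hosts=3):
    """Return {(window_start, qname): frozenset(hosts)} for every name that
    at least `min_hosts` distinct clients queried inside one time window.
    window and min_hosts are assumed tuning parameters, not the paper's."""
    hosts = defaultdict(set)
    for ts, src, qname in queries:
        hosts[(ts - ts % window, qname)].add(src)
    return {k: frozenset(v) for k, v in hosts.items() if len(v) >= min_hosts}

def jaccard(a, b):
    """Set similarity in [0, 1]; 1.0 means the same members."""
    return len(a & b) / len(a | b)

def detect_migrations(groups, min_similarity=0.75):
    """Pair group activities on different names whose member sets overlap
    strongly: the same bot group resolving a new C&C name (migration)."""
    items = sorted(groups.items())  # chronological by window start
    found = []
    for i, ((_, n1), h1) in enumerate(items):
        for (_, n2), h2 in items[i + 1:]:
            sim = jaccard(h1, h2)
            if n1 != n2 and sim >= min_similarity:
                found.append((n1, n2, round(sim, 2)))
    return found

if __name__ == "__main__":
    g = group_activities(SAMPLE_QUERIES)
    for (w, name), hs in sorted(g.items()):
        print(f"window {w}: {name} queried by {len(hs)} hosts")
    for old, new, sim in detect_migrations(g):
        print(f"possible migration {old} -> {new} (similarity {sim})")
```

Fixed windows split a group whose queries straddle a boundary, so a production detector would use sliding windows and calibrate `min_hosts` against the number of clients on the monitored network.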

Original language: English
Title of host publication: CIT 2007
Subtitle of host publication: 7th IEEE International Conference on Computer and Information Technology
Pages: 715-720
Number of pages: 6
DOI: 10.1109/CIT.2007.4385169
Publication status: Published - 2007
Event: CIT 2007: 7th IEEE International Conference on Computer and Information Technology - Aizu-Wakamatsu, Fukushima, Japan
Duration: 2007 Oct 16 to 2007 Oct 19

Publication series

Name: CIT 2007: 7th IEEE International Conference on Computer and Information Technology

Other

Other: CIT 2007: 7th IEEE International Conference on Computer and Information Technology
Country: Japan
City: Aizu-Wakamatsu, Fukushima
Period: 07/10/16 to 07/10/19

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Software
  • Mathematics (all)


Cite this

Choi, H., Lee, H., Lee, H., & Kim, H. (2007). Botnet detection by monitoring group activities in DNS traffic. In CIT 2007: 7th IEEE International Conference on Computer and Information Technology (pp. 715-720). [4385169] (CIT 2007: 7th IEEE International Conference on Computer and Information Technology). https://doi.org/10.1109/CIT.2007.4385169