Detecting bot-infected machines using DNS fingerprinting
- Source: Digital Investigation. 28:14-33
- Publication Year: 2019
- Publisher: Elsevier BV, 2019.
Abstract
- The never-ending menace of botnets is causing many serious problems on the Internet. Although there are significant efforts on detecting botnets at the global level, which rely heavily on finding failed queries and domain flux information for botnet detection, there are very few efforts being made to detect bot infection at an enterprise level. Detecting bot-infected machines is vital for any organization in combating various security threats. This work proposes a novel anomaly-based detection technique which considers hosts' hourly DNS fingerprints and attempts to find anomalous behavior which is quite different from normal machine behavior. This work successfully demonstrates the DNS Anomaly Detection (named BotDAD) technique for detecting bot-infected machines in a network using DNS fingerprinting.
- Subjects:
  - Enterprise level
  - Software_OPERATINGSYSTEMS
  - business.industry
  - Computer science
  - ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS
  - Fingerprint (computing)
  - Botnet
  - 020207 software engineering
  - 02 engineering and technology
  - Anomalous behavior
  - Computer security
  - computer.software_genre
  - Computer Science Applications
  - ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS
  - Medical Laboratory Technology
  - 0202 electrical engineering, electronic engineering, information engineering
  - 020201 artificial intelligence & image processing
  - The Internet
  - Anomaly detection
  - business
  - Law
  - computer
Details
- ISSN: 17422876
- Volume: 28
- Database: OpenAIRE
- Journal: Digital Investigation
- Accession number: edsair.doi...........9d4b3dd727f52cb1c60d3eb3984b7fd5