Journal: Journal of King Saud University - Computer and Information Sciences
Print ISSN: 1319-1578
Publication year: 2022
Volume: 34
Issue: 5
Pages: 2045-2061
Language: English
Publisher: Elsevier
Abstract: A botnet is a network of infected workstations that are remotely managed by a BotMaster via the command and control (C&C) server. Botnets pose a serious threat to network security since they are the source of a variety of malicious behaviors such as information theft, phishing, and Distributed Denial of Service (DDoS) assaults. Using a Domain Generation Algorithm (DGA) to produce a vast set of domain names is one of the most prevalent ways of hiding the identity of the C&C server. As a result, existing defensive methods have a limited chance of detecting and defeating such infrastructure. In this study, a system is suggested that employs machine learning techniques to categorize domain names as malicious or legitimate. The suggested method is based on assessing the linguistic qualities of domain names requested from various hosts. Fifteen associated linguistic features were collected from the domain wordings to determine the degree of randomization, rarity, typing difficulty, and other related factors. The proposed system is tested with DNS requests gathered from various sources and seven distinct DGA botnet families. The findings reveal that the suggested technique can detect DGA domains with a 99.1% and a 0.6% false-positive rate.