Abstract
Botnets pose a major threat to the information security of organizations and individuals. The bots (malware-infected hosts) receive commands and updates from the Command and Control (C&C) servers, so contacting and communicating with these servers is an essential requirement for bots. However, if the domain names of the servers are hard-coded in the malware, then once the malware is identified on an infected host it is easy to find its C&C server and block it. To counter such detection, many malware families use probabilistic algorithms known as domain generation algorithms (DGAs) to generate domain names for the C&C servers. This makes it difficult to track down the C&C servers of the botnet even after the malware is identified. In this paper, we propose a probabilistic approach for identifying domain names that are likely to have been generated by malware using a DGA. The proposed solution is based on the hypothesis that human-generated domain names are usually inspired by words from a particular language (say English), whereas DGA-generated domain names should contain random sub-strings. Results show that the percentage of false negatives in the detection of DGA-generated domain names using the proposed method is less than 29% across the 30 DGA families considered in our experimentation.
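The hypothesis above can be illustrated with a character-bigram language model that scores how word-like a domain label is. This is an added example, not the paper's algorithm, which the abstract does not specify; the word list, the sample domains, the interpolation weight and the threshold are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed stand-in for a real dictionary or benign-domain list (assumption).
WORDS = ("mail news shop online bank secure login cloud book store search "
         "google face market travel photo music video game sport weather "
         "health school service network support account update download "
         "world house green light water paper money trade home page").split()
SYMBOLS = 38      # a-z, 0-9, '-', plus the end-of-label marker
LAMBDA = 0.9      # weight of the observed bigram frequency (assumed value)
THRESHOLD = -4.5  # assumed cut-off; tune on labelled data in practice

def train(words):
    """Count character bigrams, with ^ and $ marking label boundaries."""
    pair, ctx = Counter(), Counter()
    for w in words:
        s = "^" + w + "$"
        for a, b in zip(s, s[1:]):
            pair[a, b] += 1
            ctx[a] += 1
    return pair, ctx

def score(label, model):
    """Mean log-likelihood per character transition; lower means more random."""
    pair, ctx = model
    s = "^" + label.lower() + "$"
    total = 0.0
    for a, b in zip(s, s[1:]):
        seen = pair[a, b] / ctx[a] if ctx[a] else 0.0
        # Interpolate with a uniform floor so unseen transitions stay finite.
        total += math.log(LAMBDA * seen + (1 - LAMBDA) / SYMBOLS)
    return total / (len(s) - 1)

def registered_label(domain):
    """Naive pick of the label left of the TLD; real code needs the Public Suffix List."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def flag_dga(domains, model, threshold=THRESHOLD):
    """Map each domain to True when its label scores below the threshold."""
    return {d: score(registered_label(d), model) < threshold for d in domains}

MODEL = train(WORDS)
# Constructed sample queries: three word-based names, two random-looking ones.
SAMPLE = ["onlinebank.com", "cloudstore.net", "musicworld.org",
          "qxzjvkqw.com", "zkvxjqhw.info"]

if __name__ == "__main__":
    for name, hit in flag_dga(SAMPLE, MODEL).items():
        print(f"{name:20s} {'DGA-like' if hit else 'ok'}")
```

A model trained on a corpus this small only separates the constructed samples; a usable detector would be trained on a large dictionary or a list of known-benign domains and have its threshold set against labelled DGA traffic.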
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Vishvakarma, D.K., Bhatia, A., Riha, Z. (2020). Detection of Algorithmically Generated Domain Names in Botnets. In: Barolli, L., Takizawa, M., Xhafa, F., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2019. Advances in Intelligent Systems and Computing, vol 926. Springer, Cham. https://doi.org/10.1007/978-3-030-15032-7_107
DOI: https://doi.org/10.1007/978-3-030-15032-7_107
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-15031-0
Online ISBN: 978-3-030-15032-7
eBook Packages: Intelligent Technologies and Robotics (R0)