- Title
- A framework for DNS based detection and mitigation of malware infections on a network
- Creator
- Stalmans, Etienne
- Creator
- Irwin, Barry V W
- Subject
- To be catalogued
- Date Issued
- 2011
- Date
- 2011
- Type
- text
- Type
- article
- Identifier
- http://hdl.handle.net/10962/429827
- Identifier
- vital:72642
- Identifier
- 10.1109/ISSA.2011.6027531
- Description
- Modern botnet trends have led to the use of IP and domain fast-fluxing to avoid detection and increase resilience. These techniques bypass traditional detection systems such as blacklists and intrusion detection systems. The Domain Name Service (DNS) is one of the most prevalent protocols on modern networks and is essential for the correct operation of many network activities, including botnet activity. For this reason DNS forms the ideal candidate for monitoring, detecting and mitigating botnet activity. In this paper a system placed at the network edge is developed with the capability to detect fast-flux domains using DNS queries. Multiple domain features were examined to determine which would be most effective in the classification of domains. This is achieved using a C5.0 decision tree classifier and Bayesian statistics, with positive samples being labeled as potentially malicious and negative samples as legitimate domains. The system detects malicious domain names with a high degree of accuracy, minimising the need for blacklists. Statistical methods, namely Naive Bayesian, Bayesian, Total Variation distance and Probability distribution, are applied to detect malicious domain names. The detection techniques are tested against sample traffic and it is shown that malicious traffic can be detected with low false positive rates.
- Format
- 8 pages
- Language
- English
- Relation
- Information Security for South Africa
- Relation
- Stalmans, E. and Irwin, B., 2011, August. A framework for DNS based detection and mitigation of malware infections on a network. In 2011 Information Security for South Africa (pp. 1-8). IEEE.
- Relation
- Information Security for South Africa, volume 2011, number 1, pp. 1-8, 2011, ISSN 2330-9881
- Rights
- Publisher
- Rights
- Use of this resource is governed by the terms and conditions of the IEEE Xplore Terms of Use Statement (https://ieeexplore.ieee.org/Xplorehelp/overview-of-ieee-xplore/terms-of-use)
File | Description | Size | Format
---|---|---|---
SOURCE1 | A framework for DNS based detection and mitigation of malware infections on a network.pdf | 660 KB | Adobe Acrobat PDF