Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Information Journal Paper

Title

BOTNET DETECTION BASED ON COMPUTING NEGATIVE REPUTATION SCORE BY USE OF A CLUSTERING METHOD AND DNS TRAFFIC

Pages

  63-72

Abstract

 Today, botnets are known as one of the most important threats against Internet infrastructure. A botnet is a network of compromised hosts (bots) remotely controlled by a so-called botmaster through one or more command and control (C&C) servers. Since DNS is one of the most important services on the Internet, botmasters use it to make their botnets more resilient. Using the DNS service, botmasters implement two techniques: IP-FLUX and DOMAIN-FLUX. These techniques help an attacker dynamically change C&C server addresses and prevent them from being blacklisted. In this paper, we propose a reputation system that uses a clustering method and DNS traffic for online detection of fluxing botnets. We first cluster DNS queries with similar characteristics at the end of each time period. We then identify hosts that generate suspicious domain names and add them to a so-called suspicious group activity matrix. Finally, we calculate the negative reputation score of each host in the matrix and flag hosts with high negative reputation scores as bot-infected. The experimental results show that the proposed system can successfully detect fluxing botnets with a high detection rate and a low false alarm rate.

  • Cite

    APA:

    SHARIFNYAY DIZBONI, R., & MANAFI MURKANI, A. (2016). BOTNET DETECTION BASED ON COMPUTING NEGATIVE REPUTATION SCORE BY USE OF A CLUSTERING METHOD AND DNS TRAFFIC. NASHRIYYAH -I MUHANDISI -I BARQ VA MUHANDISI -I KAMPYUTAR -I IRAN, B- MUHANDISI -I KAMPYUTAR, 14(1), 63-72. SID. https://sid.ir/paper/228521/en

    Vancouver:

    SHARIFNYAY DIZBONI R., MANAFI MURKANI A. BOTNET DETECTION BASED ON COMPUTING NEGATIVE REPUTATION SCORE BY USE OF A CLUSTERING METHOD AND DNS TRAFFIC. NASHRIYYAH -I MUHANDISI -I BARQ VA MUHANDISI -I KAMPYUTAR -I IRAN, B- MUHANDISI -I KAMPYUTAR [Internet]. 2016;14(1):63-72. Available from: https://sid.ir/paper/228521/en

    IEEE:

    R. SHARIFNYAY DIZBONI and A. MANAFI MURKANI, “BOTNET DETECTION BASED ON COMPUTING NEGATIVE REPUTATION SCORE BY USE OF A CLUSTERING METHOD AND DNS TRAFFIC,” NASHRIYYAH -I MUHANDISI -I BARQ VA MUHANDISI -I KAMPYUTAR -I IRAN, B- MUHANDISI -I KAMPYUTAR, vol. 14, no. 1, pp. 63–72, 2016, [Online]. Available: https://sid.ir/paper/228521/en
