
DNS-Based Botnet Detection

  • Reference work entry
Encyclopedia of Cryptography and Security

Related Concepts

DNS-Based Botnet Detection; Trojan Horses, Computer Viruses, and Worms

Definition

DNS-based botnet detection is a botnet detection method that uses DNS-related network traffic to determine whether the machines involved are infected with a botnet.

Background

Botnets are one of the most serious threats on the Internet; as such, there have been many research efforts to detect and mitigate them. Several mechanisms to detect botnets have been introduced, based on monitoring the host-level and network-level behaviors of botnet traffic.

Theory and Application

Since DNS query and response traffic is one of the major elements of network behavior, there have been a couple of botnet detection methods based on observing DNS activity in the network infrastructure. Unlike other approaches, the DNS-based detection method does not require specific knowledge of the botnet protocol or its behavior signatures a priori. In general, when a botnet...




Copyright information

© 2011 Springer Science+Business Media, LLC

Cite this entry

Kang, B.B.H. (2011). DNS-Based Botnet Detection. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_845
