Detection of Algorithmically Generated Domain Names in Botnets

  • Conference paper
  • Advanced Information Networking and Applications (AINA 2019)

Abstract

Botnets pose a major threat to the information security of organizations and individuals. The bots (malware-infected hosts) receive commands and updates from Command and Control (C&C) servers, so contacting and communicating with these servers is an essential requirement for bots. However, once the malware on an infected host is identified, its C&C server is easy to find and block if the servers' domain names are hard-coded in the malware. To counter such detection, many malware families use probabilistic algorithms known as domain generation algorithms (DGAs) to generate the domain names of their C&C servers. This makes it difficult to track down the C&C servers of the botnet even after the malware is identified. In this paper, we propose a probabilistic approach for identifying domain names that are likely to have been generated by malware using a DGA. The proposed solution is based on the hypothesis that human-generated domain names are usually inspired by words from a particular language (say, English), whereas DGA-generated domain names contain random substrings. Results show that the percentage of false negatives in the detection of DGA-generated domain names using the proposed method is less than 29% across the 30 DGA families considered in our experimentation.
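The following is an added illustration of the hypothesis stated in the abstract, written for this page; it is the editor's own code and not the authors' method or implementation. It scores a domain label by how much of it can be covered by non-overlapping dictionary words and by the length of its longest word-free substring, then flags labels with low coverage or a long uncovered run. The word list, the thresholds, the helper names (`registered_label`, `covered_mask`, `score_label`, `looks_generated`) and the sample domains are all constructed assumptions; the random-looking labels are made up and are not samples from any named DGA family.

```python
"""Word-coverage scoring of domain labels (added example, not the paper's code).

Hypothesis under test: labels chosen by people are built from language words,
while DGA labels contain substrings that no dictionary word covers.  The word
list, thresholds and sample domains below are constructed for illustration.
"""
from collections import namedtuple

# Constructed mini-dictionary; a real deployment would load a full word list.
WORDS = frozenset("""
face book micro soft news mail shop online bank secure update web site store
cloud net the pay login photo video music play game free best home world data
tech word press wiki
""".split())
MIN_WORD = 3                      # 1-2 letter "words" would cover almost anything
MAX_WORD = max(map(len, WORDS))

Score = namedtuple("Score", "label coverage longest_uncovered")


def registered_label(domain):
    """Label directly left of the TLD, e.g. 'www.facebook.com' -> 'facebook'.

    Assumes a single-label public suffix; a production detector should use the
    Public Suffix List so that 'example.co.uk' yields 'example', not 'co'.
    """
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def covered_mask(label, words=WORDS):
    """Dynamic programme: pick non-overlapping dictionary words that cover the
    maximum number of characters of `label`; return a per-character mask
    (True = covered by a word, False = left uncovered)."""
    n = len(label)
    best = [0] * (n + 1)       # best[i]: max characters covered within label[:i]
    start = [None] * (n + 1)   # start[i]: start of the word ending at i, or None
    for i in range(1, n + 1):
        best[i] = best[i - 1]  # default: leave character i-1 uncovered
        for j in range(max(0, i - MAX_WORD), i - MIN_WORD + 1):
            if label[j:i] in words and best[j] + (i - j) > best[i]:
                best[i], start[i] = best[j] + (i - j), j
    mask = [False] * n
    i = n
    while i > 0:               # backtrack through the chosen words
        if start[i] is None:
            i -= 1
        else:
            for k in range(start[i], i):
                mask[k] = True
            i = start[i]
    return mask


def score_label(label):
    """Coverage fraction and longest run of characters no word covers."""
    label = label.replace("-", "")   # hyphens are human separators, not randomness
    mask = covered_mask(label)
    coverage = sum(mask) / len(label) if label else 0.0
    longest = run = 0
    for covered in mask:
        run = 0 if covered else run + 1
        longest = max(longest, run)
    return Score(label, coverage, longest)


def looks_generated(domain, min_coverage=0.5, max_uncovered_run=5):
    """Flag a domain when too little of its label is word-covered or it carries
    a long word-free substring.  Thresholds are assumptions, not the paper's."""
    s = score_label(registered_label(domain))
    return s.coverage < min_coverage or s.longest_uncovered > max_uncovered_run


if __name__ == "__main__":
    # Constructed samples: word-built names versus made-up random-looking labels.
    for d in ["www.facebook.com", "microsoft.com", "webmail2.net",
              "qxjvkzwtrb.com", "cdn.hg7dk2wqzp.net"]:
        s = score_label(registered_label(d))
        print(f"{d:22} coverage={s.coverage:.2f} "
              f"longest_uncovered={s.longest_uncovered:2d} "
              f"dga={looks_generated(d)}")
```

Two caveats a practitioner would check before relying on this: a legitimate brand or transliterated name that is not in the dictionary (the `example` in `example.org`, for instance) scores exactly like a random label, and a wordlist-based DGA produces labels with full coverage, so the threshold choice trades false positives on unusual brands against false negatives on dictionary DGAs.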

Author information

Correspondence to Ashutosh Bhatia.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Vishvakarma, D.K., Bhatia, A., Riha, Z. (2020). Detection of Algorithmically Generated Domain Names in Botnets. In: Barolli, L., Takizawa, M., Xhafa, F., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2019. Advances in Intelligent Systems and Computing, vol 926. Springer, Cham. https://doi.org/10.1007/978-3-030-15032-7_107
