Information Technology for Botnets Detection Based on Their Behaviour in the Corporate Area Network

  • Conference paper
  • Computer Networks (CN 2017)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 718)

Abstract

A new information technology for botnet detection based on the analysis of botnets’ behaviour in the corporate area network is proposed. Botnet detection is performed by combining two approaches: network-level and host-level analysis. The host-level approach analyzes the behaviour of software on the host, which may indicate the presence of a bot directly on that host and identify the malicious software; the network-level approach monitors and analyzes DNS traffic, which allows conclusions to be drawn about which network hosts are infected with bots of a botnet. Based on this information technology, an effective botnet detection tool, BotGRABBER, was constructed. It is able to detect bots that use evasion techniques such as cycling of IP mapping, “domain flux”, “fast flux” and DNS tunneling. Usage of the developed system makes it possible to detect hosts infected by bots of botnets with high efficiency.

Acknowledgments

This research was supported by a TEMPUS SEREIN project (Project reference number 543968-TEMPUS-1-2013-1-EE-TEMPUS-JPCP). Additionally, we thank the Khmelnytsky National University for providing access to the DNS-traffic during the early phases of this work.

Corresponding author

Correspondence to Sergii Lysenko.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Lysenko, S., Savenko, O., Bobrovnikova, K., Kryshchuk, A., Savenko, B. (2017). Information Technology for Botnets Detection Based on Their Behaviour in the Corporate Area Network. In: Gaj, P., Kwiecień, A., Sawicki, M. (eds) Computer Networks. CN 2017. Communications in Computer and Information Science, vol 718. Springer, Cham. https://doi.org/10.1007/978-3-319-59767-6_14

  • DOI: https://doi.org/10.1007/978-3-319-59767-6_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59766-9

  • Online ISBN: 978-3-319-59767-6

  • eBook Packages: Computer Science (R0)