BOTNET DETECTION BASED ON DNS RECORDS AND ACTIVE PROBING

Iria Prieto, Eduardo Magaña, Daniel Morató, Mikel Izal

2011

Abstract

Computers connected to the Internet are constantly threatened by different types of malware. Among the most important are botnets, which convert infected computers into agents that follow actions instructed by a command-and-control server. A botmaster can control thousands of agents, which gives a significant capacity to carry out any kind of network attack (DoS), email spam or phishing. In this paper, peculiarities of the communication with the command-and-control server are used to identify computers infected by a botnet. This identification is based mainly on DNS records of the registered domains where command-and-control servers are hosted. Processing overhead is therefore reduced, since per-packet or per-flow network supervision is avoided.

Paper Citation


in Harvard Style

Prieto I., Magaña E., Morató D. and Izal M. (2011). BOTNET DETECTION BASED ON DNS RECORDS AND ACTIVE PROBING. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011) ISBN 978-989-8425-71-3, pages 307-316. DOI: 10.5220/0003522903070316

in Bibtex Style

@conference{secrypt11,
author={Iria Prieto and Eduardo Magaña and Daniel Morató and Mikel Izal},
title={BOTNET DETECTION BASED ON DNS RECORDS AND ACTIVE PROBING},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)},
year={2011},
pages={307-316},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003522903070316},
isbn={978-989-8425-71-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2011)
TI - BOTNET DETECTION BASED ON DNS RECORDS AND ACTIVE PROBING
SN - 978-989-8425-71-3
AU - Prieto I.
AU - Magaña E.
AU - Morató D.
AU - Izal M.
PY - 2011
SP - 307
EP - 316
DO - 10.5220/0003522903070316