Detection DNS Tunneling Botnets

Botnets are often used in cyberattacks on network services and individual users, so the ability to detect botnets is very important. Botnets use DNS tunneling to send malicious command-and-control (C&C) commands to victims' hosts. Unfortunately, DNS tunneling attacks are very hard to detect...

Full description

Saved in:
Bibliographic Details
Main Authors: Savenko, Bohdan, Lysenko, Sergii, Bobrovnikova, Kira, Savenko, Oleg, Markowsky, George
Format: Conference Proceeding
Language:English
Subjects:
Botnet
botnet detection
classifier
Data acquisition
Data models
DNS
DNS tunneling attacks
Feature extraction
Machine learning
malware
network security
networks
Servers
Tunneling
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Botnets are often used in cyberattacks on network services and individual users, so the ability to detect botnets is very important. Botnets use DNS tunneling to send malicious command-and-control (C&C) commands to victims' hosts. Unfortunately, DNS tunneling attacks are very hard to detect. The paper presents a new approach for DNS tunneling botnet detection, which considers all the features and architectural characteristics of botnets. The technique described in this paper is highly efficient at detecting DNS tunneling attacks.
ISSN:2770-4254
DOI:10.1109/IDAACS53288.2021.9661022