Detection and Blocking of DGA-based Bot Infected Computers by Monitoring NXDOMAIN Responses
Title: | Detection and Blocking of DGA-based Bot Infected Computers by Monitoring NXDOMAIN Responses |
Authors: | Iuchi, Yuki | Jin, Yong | Ichise, Hikaru | Iida, Katsuyoshi | Takai, Yoshiaki |
Keywords: | Bot | DNS | DGA | NXDOMAIN | SDN |
Issue Date: | 19-Aug-2020 |
Publisher: | IEEE |
Citation: | Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom), 2020 7th IEEE International Conference |
Start Page: | 82 |
End Page: | 87 |
Publisher DOI: | 10.1109/CSCloud-EdgeCom49738.2020.00023 |
Abstract: | Cyberattacks by botnets keep increasing. In this research, we aim to detect and block Domain Generation Algorithm (DGA)-based bot-infected computers by focusing on the characteristics of the domain name resolution used to search for the Command & Control (C&C) servers. The attackers register only a few of the DGA-based domain names for the C&C servers and make the bot-infected computers search for them using DNS domain name resolution for further instructions. As a result, the DNS domain name resolution in the C&C server search process inevitably causes NXDOMAIN responses for queries about nonexistent domain names. In this paper, we designed and implemented a detection and blocking system against DGA-based bot-infected computers searching for the C&C servers by analyzing the DNS traffic that results in NXDOMAIN responses. According to the feature evaluation results, we confirmed that the prototype system was effective for multiple types of DGA-based bots; thus, the approach could be applicable to detecting and blocking malicious DNS traffic from bot-infected computers at an early stage. |
Description: | 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). 1-3 Aug. 2020 |
Conference Name: | 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom) |
Rights: | © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. |
Type: | proceedings (author version) |
URI: | http://hdl.handle.net/2115/87495 |
Appears in Collections: | Information Initiative Center > Peer-reviewed Journal Articles, etc |
Submitter: | 飯田 勝吉 |