Nguyen Quoc et al., 2022 - Google Patents
Detecting DGA Botnet based on Malware Behavior AnalysisNguyen Quoc et al., 2022
- Document ID
- 16939620730852267796
- Author
- Nguyen Quoc K
- Bui T
- Le D
- Tran D
- Nguyen T
- Nguyen H
- Publication year
- Publication venue
- Proceedings of the 11th International Symposium on Information and Communication Technology
External Links
Snippet
DGA botnet uses the Domain Generation Algorithm to generate domains that are used to establish the connection between malware bots and malicious actors. It has become a serious threat to internet-connected systems. Detection of DGA botnets is a challenging task …
- 238000004458 analytical method 0 title abstract description 36
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Vinayakumar et al. | Scalable framework for cyber threat situational awareness based on domain name systems data analysis | |
| Singh et al. | Issues and challenges in DNS based botnet detection: A survey | |
| Nelms et al. | {ExecScent}: Mining for New {C&C} Domains in Live Networks with Adaptive Control Protocol Templates | |
| US8260914B1 (en) | Detecting DNS fast-flux anomalies | |
| Bagui et al. | Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset | |
| Alani | Big data in cybersecurity: a survey of applications and future trends | |
| Truong et al. | Detecting domain‐flux botnet based on DNS traffic features in managed network | |
| Dong et al. | An adaptive system for detecting malicious queries in web attacks | |
| Sathya et al. | Discriminant analysis based feature selection in kdd intrusion dataset | |
| Alavizadeh et al. | A survey on cyber situation-awareness systems: Framework, techniques, and insights | |
| Thomas | Improving intrusion detection for imbalanced network traffic | |
| Rizvi et al. | Application of artificial intelligence to network forensics: Survey, challenges and future directions | |
| Haddadi et al. | Botnet behaviour analysis: How would a data analytics‐based system with minimum a priori information perform? | |
| Chen et al. | A categorization framework for common computer vulnerabilities and exposures | |
| Quezada et al. | Real-time bot infection detection system using DNS fingerprinting and machine-learning | |
| Nguyen Quoc et al. | Detecting DGA Botnet based on Malware Behavior Analysis | |
| CN112204930A (en) | Malicious domain name detection device and method | |
| Liu et al. | CCGA: clustering and capturing group activities for DGA-based botnets detection | |
| Ismail et al. | Incorporating known malware signatures to classify new malware variants in network traffic | |
| Kirchner | A framework for detecting anomalies in http traffic using instance-based learning and k-nearest neighbor classification | |
| Abirami et al. | Proactive network packet classification using artificial intelligence | |
| Quinan et al. | Activity and Event Network Graph and Application to Cyber-Physical Security | |
| Tharshini et al. | Access log anomaly detection | |
| Udiyono et al. | Botnet Detection Using DNS and HTTP Traffic Analysis | |
| Yoshida et al. | Detection and filtering system for DNS water torture attacks relying only on domain name information |