Today the botnet is one of the most dangerous threats to Internet security, supporting a wide range of computer criminal activities. An increasing number of botnets use Domain Generation Algorithms (DGAs) to evade detection and blocking by traditional methods. This paper presents a novel method to detect DGA botnets using Density-Based Clustering and Collaborative Filtering. We propose a combination of clustering and classification algorithms that relies on the similarity in the character distribution of domain names to remove noise and group similar domains. The Collaborative Filtering (CF) technique is then applied to find infected machines whose malware is offline (inactive) during the observation window. Our prototype system, implemented on a big data platform, analyses a huge volume of DNS traffic logs from Viettel Group and obtains positive results.
Keywords
Big Data, Botnet, Domain Generation Algorithm, Clustering.
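The following is an added example, not code from the paper or from Viettel: it sketches the pipeline the abstract outlines on a handful of constructed DNS log lines. Each queried domain is turned into character-distribution features, a small DBSCAN groups lookalike domains and discards the rest as noise, and user-based collaborative filtering over a host x cluster matrix flags hosts whose query profile resembles a known-infected host. The feature set (normalised character entropy, vowel ratio, digit ratio, capped length), the DBSCAN parameters eps=0.15 and min_pts=3, the cosine threshold, and the sample hosts and domains are all assumptions, since the abstract does not state which features, clustering algorithm, parameters or CF formulation the paper uses.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS log (not real Viettel data), one query per line:
# "<client_ip> <qname> <rcode>". Two made-up DGA families and a few benign names.
SAMPLE_LOG = """\
10.0.0.5 www.google.com NOERROR
10.0.0.5 en.wikipedia.org NOERROR
10.0.0.5 xkqzvbnmtrwplf.com NXDOMAIN
10.0.0.5 gdhsjctvkwbmnpz.net NXDOMAIN
10.0.0.7 github.com NOERROR
10.0.0.7 www.microsoft.com NOERROR
10.0.0.9 example.org NOERROR
10.0.0.9 qrxwzkfjmdnvpbtl.com NXDOMAIN
10.0.0.9 tzpkmvlxgbdqcn.org NXDOMAIN
10.0.0.9 wjnkrhzvpxcmtq.info NXDOMAIN
10.0.0.11 example.org NOERROR
10.0.0.11 www.google.com NOERROR
10.0.0.11 k3m9x2q7.biz NXDOMAIN
10.0.0.11 z7p4w1n6.biz NXDOMAIN
10.0.0.11 r2t8v5j0.biz NXDOMAIN
"""

VOWELS = set("aeiou")

def registered_label(qname):
    """Second-level label, e.g. 'google' for 'www.google.com' (assumes a one-label TLD)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def features(label):
    """Assumed feature set, each roughly in [0, 1]: normalised Shannon entropy of the
    character distribution, vowel ratio, digit ratio and capped label length."""
    n = len(label)
    counts = Counter(label)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    return (
        entropy / 4.0,                          # 4 bits ~ 16 distinct characters
        sum(ch in VOWELS for ch in label) / n,
        sum(ch.isdigit() for ch in label) / n,
        min(n, 20) / 20.0,
    )

def dbscan(points, eps=0.15, min_pts=3):
    """Plain O(n^2) DBSCAN over feature vectors. Returns one label per point; -1 is noise.
    A point is 'core' when at least min_pts points (itself included) lie within eps."""
    n = len(points)
    neighbours = [[j for j in range(n) if math.dist(points[i], points[j]) <= eps]
                  for i in range(n)]
    labels = [None] * n
    cluster = 0
    for i in range(n):
        if labels[i] is not None:
            continue
        if len(neighbours[i]) < min_pts:
            labels[i] = -1              # provisional noise; may later become a border point
            continue
        labels[i] = cluster
        queue = list(neighbours[i])
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster     # border point of this cluster
            if labels[j] is not None:
                continue
            labels[j] = cluster
            if len(neighbours[j]) >= min_pts:
                queue.extend(neighbours[j])
        cluster += 1
    return labels

def cluster_domains(log_text):
    """Map each distinct queried domain to a cluster id (-1 = noise, i.e. dropped)."""
    domains = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, qname, _ = line.split()
        if qname not in domains:
            domains.append(qname)
    labels = dbscan([features(registered_label(d)) for d in domains])
    return dict(zip(domains, labels))

def host_profiles(log_text, domain_cluster):
    """Host x cluster count matrix; queries for noise domains are ignored."""
    clusters = sorted({c for c in domain_cluster.values() if c >= 0})
    profiles = defaultdict(lambda: [0] * len(clusters))
    for line in log_text.splitlines():
        if not line.strip():
            continue
        host, qname, _ = line.split()
        profiles[host]                  # ensure every host gets a row, even an all-zero one
        c = domain_cluster[qname]
        if c >= 0:
            profiles[host][clusters.index(c)] += 1
    return dict(profiles)

def cosine(u, v):
    dot = sum(a * b for a, b in zip(u, v))
    nu, nv = math.sqrt(sum(a * a for a in u)), math.sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0

def flag_hosts(profiles, known_infected, threshold=0.5):
    """User-based CF: flag hosts whose cluster profile resembles a known-infected host."""
    flagged = {}
    for host, vec in profiles.items():
        if host in known_infected:
            continue
        best = max(cosine(vec, profiles[k]) for k in known_infected)
        if best >= threshold:
            flagged[host] = round(best, 3)
    return flagged

def run(log_text=SAMPLE_LOG, known_infected=("10.0.0.5",)):
    domain_cluster = cluster_domains(log_text)
    profiles = host_profiles(log_text, domain_cluster)
    return domain_cluster, profiles, flag_hosts(profiles, known_infected)

if __name__ == "__main__":
    dc, prof, flagged = run()
    for d, c in dc.items():
        print(f"{'noise' if c < 0 else 'cluster ' + str(c):>10}  {d}")
    print("host profiles:", prof)
    print("hosts resembling known-infected:", flagged)
```

On this input the five benign names end up as noise, the two DGA families form two clusters, and host 10.0.0.9, which never appears on any blocklist and resolves none of the same domains as the seed host 10.0.0.5, is flagged because its profile over the DGA clusters is parallel to the seed's. Two caveats a practitioner should keep in mind: CF only finds peers of hosts you already know to be infected, so host 10.0.0.11, which queries the second family, stays unflagged until one confirmed host for that family is added to the seed set (the unseeded cluster itself is still worth review); and the feature set and eps here are tuned to this toy data, whereas real DNS logs need features chosen and validated against labelled DGA families.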