A Detection Method for DGA-based Botnet on Big Data Platform

Authors: Tuan-Dung Cao*

Abstract

Today, botnets are one of the most dangerous threats to Internet security, supporting a wide range of computer criminal activities. An increasing number of botnets use Domain Generation Algorithms (DGAs) to avoid detection and exclusion by traditional methods. This paper presents a novel method to detect DGA botnets using Density-Based Clustering and Collaborative Filtering. We propose a combination of clustering and classification algorithms that relies on the similarity in the characteristic distribution of domain names to remove noise and group similar domains. The Collaborative Filtering (CF) technique is applied to find offline malware-infected machines. Our prototype system, implemented on a big data platform, analyzes a huge amount of DNS traffic logs from Viettel Group and obtains positive results.

Keywords

Big Data, Botnet, Domain Generation Algorithm, Clustering.

Pages: 130-136
