Today the botnet is one of the most dangerous threats to Internet security, supporting a wide range of computer-based criminal activities. An increasing number of botnets use Domain Generation Algorithms (DGAs) to avoid detection and exclusion by traditional methods. This paper presents a novel method to detect DGA botnets using Density-Based Clustering and Collaborative Filtering. We propose a combination of clustering and classification algorithms that relies on the similarity in the characteristic distribution of domain names to remove noise and group similar domains. The Collaborative Filtering (CF) technique is applied to find offline malware-infected machines. Our prototype system, implemented on a big data platform, analyzes a huge amount of DNS traffic logs from Viettel Group and obtains positive results.
Big Data, Botnet, Domain Generation Algorithm, Clustering.
224-C1, Hanoi University of Science and Technology 1 Dai Co Viet, Hai Ba Trung, Hanoi, Vietnam Tel: +84 (024) 3623.0949 | email: email@example.com
JOURNAL OF SCIENCE AND TECHNOLOGY License No. 37/GP-BTTTT (15/01/2021) Amended and supplemented license No. 140/GP-BTTTT (05/3/2021) Licensing authority: Ministry of Information and Communications Governing body: Hanoi University of Science and Technology Deputy Editor-in-Chief in charge: Prof. Đinh Văn Phong