Title

Detecting Malware Domains: A Cyber-Threat Alarm System

Document Type

Conference Proceeding

Source of Publication

Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST

Publication Date

1-1-2018

Abstract

© 2018, ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Throughout the years, hackers’ intentions’ varied from curiosity, to financial gains, to political statements. Armed with their botnets, bot masters could crash a server or website. Statistics show that botnet activity accounts for 29% of the Internet traffic. But how can bot masters establish undetected communication with their botnets? The answer lies in the Domain Name System (DNS), using which hackers host their own domain and assign to it changing IP addresses to avoid being detected. In this paper, we propose a multi-factor cyber-threat detection system that relies on DNS traffic analysis for the detection of malicious domains. The proposed system was implemented, and tested, and the results yielded are very promising.

ISBN

9783319678368

ISSN

1867-8211

Publisher

Springer Verlag

Volume

206

First Page

181

Last Page

191

Disciplines

Business | Computer Sciences

Keywords

Botnets, Cyber-threat, DNS analysis, Malicious domains’ detection

Scopus ID

85032703976

Indexed in Scopus

yes

Open Access

no

Share

COinS