DETECT THE FAST-FLUX BOTNETS WITH THE DNS CHARACTERISTIC
At present, fast-flux technology is widely used in botnets to hide the Command & Control server and improve its robustness. In this paper, we analyze and test the features of fast-flux botnets in depth using machine learning. Based on the concept of information entropy, we select ten classification features of fast-flux botnets and quantify the information contained in each feature. We apply various classification algorithms to the selected features in our experiments and achieve an effective result. We also describe methods to acquire these features in a network. Moreover, we develop the Fast-flux Botnet Real-time Detecting System (FBRDS) based on DNS traffic. Furthermore, we test our system in a real network and analyze its availability.
Botnet detection Fast-flux DNS
Xiangzhan Yu Liang Zhang Zhaoxin Zhang Dan Liu
School of Computer Science and Technology, Harbin Institute of Technology, Harbin 150001, China; National Computer Network Emergency Response Technical Team / Coordination Center of China, Beijing 1; IBM China Design Center, Beijing 100020, China
International conference
Hangzhou
English
835-841
2012-10-30 (date first made available online on the Wanfang platform; does not represent the paper's publication date)