Abstract

Fast Flux Botnet (FFB) is an advanced method developed by cyber criminals to perpetrate distributed malicious attacks. The major problems of existing FFB detection systems are vulnerability to evasion mechanisms, long detection time, and high dimensionality of the feature set. In this study, an improved FFB detection architecture called Bot-FFX was developed to address some of these problems. Bot-FFX consists of four modules: extractor, filter, resolver, and detector. The extractor module is responsible for Domain Name System (DNS) queries on domains. The filter module classifies incoming domains as either blacklisted or whitelisted and sends the unclassified domains to the resolver. The resolver extracts all IP addresses associated with a domain, re-resolving it at its Time-To-Live (TTL) within a 10 min time frame. The detector module uses a rule-based Genetic Algorithm (GA) and K-Nearest Neighbor (KNN) for botnet detection. The detector computes the Standard Deviation of Round Trip Time (SDRTT), Average Google Hits (AGH), and Genetic Threshold Value (GTV) for all IP addresses associated with the domains. The detector, built on decision tree rules and the K-Dimensional (KD) tree KNN algorithm, classifies the domains using the set of IP addresses, SDRTT, AGH, and GTV. Bot-FFX was implemented on a dataset of 2,000 benign domains and 1,630 botnet domains. The dataset was split into 50% training and 50% testing sets. The evaluation results on these datasets showed that Bot-FFX is an effective FFB detection system, with accuracy, false positive rate, and false negative rate of 99.178%, 0.8%, and 0.8%, respectively.
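To make the resolver and detector features concrete, the following is an added Python sketch, not the paper's code: it aggregates constructed resolver snapshots for one domain over the observation window into the distinct IP set and SDRTT, then applies rule thresholds. The thresholds and the snapshot layout are assumptions standing in for the paper's GA-derived GTV, and the AGH feature is omitted because it needs a live search query.

```python
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    """One resolver observation at a TTL boundary (assumed layout):
    the answer's TTL in seconds and the measured RTT in ms per answered IP."""
    ttl: int
    rtt_by_ip: dict


def extract_features(snapshots):
    """Aggregate a domain's snapshots over the 10 min window into detector features."""
    rtts = {}                                   # ip -> list of RTT samples (ms)
    for snap in snapshots:
        for ip, rtt in snap.rtt_by_ip.items():
            rtts.setdefault(ip, []).append(rtt)
    per_ip_mean = [statistics.fmean(v) for v in rtts.values()]
    # SDRTT: population std-dev of the mean RTT across every IP seen for the domain.
    # Flux nodes are compromised hosts in unrelated networks, so their RTTs spread
    # widely; a CDN answers from nearby points of presence with similar RTTs.
    sdrtt = statistics.pstdev(per_ip_mean) if len(per_ip_mean) > 1 else 0.0
    return {"ip_count": len(rtts),
            "min_ttl": min(s.ttl for s in snapshots),
            "sdrtt": sdrtt}


# ASSUMED illustrative thresholds; the paper derives its cut-off (GTV) with a GA.
IP_COUNT_THRESHOLD = 4       # more distinct IPs over the window than one answer holds
SDRTT_THRESHOLD_MS = 50.0


def classify(snapshots):
    f = extract_features(snapshots)
    flux = f["ip_count"] >= IP_COUNT_THRESHOLD and f["sdrtt"] > SDRTT_THRESHOLD_MS
    return "fast-flux" if flux else "benign"


# Constructed sample data using RFC 5737 documentation addresses.
BENIGN_CDN = [   # stable two-IP answer, long TTL, tight RTTs
    Snapshot(300, {"203.0.113.10": 20.0, "203.0.113.11": 22.0}),
    Snapshot(300, {"203.0.113.10": 21.0, "203.0.113.11": 23.0}),
    Snapshot(300, {"203.0.113.10": 19.0, "203.0.113.11": 24.0}),
]
FLUX_DOMAIN = [  # answer set rotates each short TTL, RTTs scattered
    Snapshot(60, {"198.51.100.7": 45.0, "192.0.2.44": 210.0}),
    Snapshot(60, {"192.0.2.9": 330.0, "203.0.113.200": 95.0}),
    Snapshot(60, {"198.51.100.7": 55.0, "192.0.2.130": 270.0}),
]

if __name__ == "__main__":
    for name, snaps in (("benign", BENIGN_CDN), ("flux", FLUX_DOMAIN)):
        print(name, extract_features(snaps), classify(snaps))
```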
