Abstract
The never-ending menace of botnet is causing many serious problems on the Internet. Although there are significant efforts on detecting botnet at the global level which rely heavily on finding failed queries and domain flux information for botnet detection, there are very few efforts being made to detect bot infection at an enterprise level. Detecting bot-infected machines is vital for any organization in combating various security threats. This work proposes a novel anomaly-based detection technique which considers hourly hosts DNS fingerprint and attempts to find anomalous behavior which is quite different from normal machine behavior. This work successfully demonstrates the DNS Anomaly Detection (named BotDAD) technique for detecting bot-infected machine in a network using DNS fingerprinting.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
