Abstract

A botnet is a network of infected workstations that are remotely managed by a botmaster via the command and control (C&C) server. Botnets pose a serious threat to network security since they are the source of a variety of malicious behaviors such as information theft, phishing, and Distributed Denial of Service (DDoS) attacks. Using a Domain Generation Algorithm (DGA) to produce a vast set of domain names is one of the most prevalent ways of hiding the identity of the C&C server. As a result, existing defensive methods have a limited chance of detecting and defeating such infrastructure. In this study, a system is proposed that employs machine learning techniques to classify domain names as malicious or legitimate. The proposed method is based on assessing the linguistic properties of domain names requested from various hosts. Fifteen related linguistic features were extracted from the domain names to determine the degree of randomization, rarity, typing difficulty, and other related factors. The proposed system is tested with DNS requests gathered from various sources and seven distinct DGA botnet families. The findings reveal that the proposed technique can detect DGA domains with a 99.1% and a 0.6% false-positive rate.
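The kind of per-domain linguistic feature extraction the abstract describes, as an added example that is not the paper's code. The six features, the small bigram table, and the sample domain names are assumptions chosen for illustration; they are not the paper's fifteen features or its dataset.

```python
import math
from collections import Counter

VOWELS = set("aeiou")
# Assumption: a tiny stand-in for a real English bigram frequency table.
COMMON_BIGRAMS = set(
    "th he in er an re on at en nd ti es or te of ed is it al ar "
    "st to nt ng se ha as ou io le ve co me de hi ri ro ic ne ea".split()
)

def sld(domain):
    """Second-level label: 'example' from 'www.example.com'.
    Simplification: does not handle multi-part suffixes such as co.uk."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def longest_consonant_run(s):
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best

def features(domain):
    s = sld(domain)
    n = len(s)
    if n == 0:
        raise ValueError("empty label")
    freq = Counter(s)
    bigrams = [s[i:i + 2] for i in range(n - 1)]
    return {
        "length": n,
        # Randomization: Shannon entropy of the character distribution (bits).
        "entropy": -sum(c / n * math.log2(c / n) for c in freq.values()),
        # Rarity: share of bigrams absent from the common-bigram table.
        "rare_bigram_ratio": sum(b not in COMMON_BIGRAMS for b in bigrams)
        / max(len(bigrams), 1),
        "vowel_ratio": sum(ch in VOWELS for ch in s) / n,
        "digit_ratio": sum(ch.isdigit() for ch in s) / n,
        # Pronounceability proxy: long consonant runs are hard to say and type.
        "max_consonant_run": longest_consonant_run(s),
    }

if __name__ == "__main__":
    # Constructed sample names, not taken from the paper's dataset.
    for name in ("www.google.com", "xk7qz9vbtw3p.net"):
        print(name, features(name))
```

Feature vectors like these would be the input to a trained classifier; the example stops at extraction and does not reproduce the paper's model or its reported rates.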
