Detecting Active Bot Networks Based on DNS Traffic Analysis

Publication year: 1398 (Solar Hijri)
Document type: Journal article
Language: English
Views: 362

The full text of this paper is available as a 14-page PDF.

National scientific document ID:

JR_JACET-5-3_001

Indexing date: 20 Azar 1398

Abstract:

One of the serious threats to cyberspace is bot networks, or botnets. Bots are malicious programs that operate as a network and allow attackers to remotely manage and control infected victim computers. Because DNS is one of the most common protocols on a network and is essential to its proper functioning, it is very useful for monitoring, detecting and reducing botnet activity. DNS queries are sent in the early stages of each botnet's life cycle, so infected hosts can be identified before any malicious activity is performed. Because the volume of information exchanged in a network environment is very high, storing and indexing this massive data requires a large database. By analysing DNS traffic, we try to identify botnets. We used data generated from network traffic together with information on known botnets, in the Splunk platform, to conduct data analysis that quickly identifies attacks and predicts potential dangers that could arise. The analysis results were used in tests conducted on real network environments to determine the types of attacks. Visual IP mapping was then used to determine the actions that could be taken. The proposed method is capable of recognizing both known and unknown bots.

Authors

Zahra Nafarieh

Department of Electrical and Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran.

Ebrahim Mahdipur

Department of Electrical and Computer Engineering, Science and Research Branch, Islamic Azad University, Tehran, Iran.

Haj Hamid Haj Seyed Javadi

Department of Mathematics and Computer Science, Shahed University, Tehran, Iran.
