Getting Prepared for the Next Botnet Attack: Detecting Algorithmically Generated Domains in Botnet Command and Control
Abstract
This paper highlights the high noise-to-signal ratio that DNS traffic poses to network defenders' incident detection and response, and the broader topic of the critical time component required from intrusion detection for actionable security intelligence. Nowhere is this truer than in the monitoring and interception of malware command and control communications hidden amongst benign DNS internet traffic. Global ransomware and malware families were responsible for over 5 billion USD in losses. In 4 days Reaper, a Mirai variant, infected 2.7m nodes. The scale of malware infections outstrips the ability of information security blacklisting to keep pace. Machine learning techniques, such as CLIP, provide the ability to detect malware traffic to malicious command and control domains with high reliability using lexical properties and semantic patterns in algorithmically generated domain names.
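As an added illustration of the lexical-property idea in the abstract (this is not the paper's code and not the CLIP technique it mentions), the script below scores the registrable label of each queried name in a few constructed DNS log lines with simple features such as character entropy, vowel ratio, digit ratio and consonant-run length. The thresholds are illustrative assumptions, not tuned values, and a real deployment would also need a public-suffix list and allow-listing of known CDN and cloud names.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log lines: "<epoch> <client> <qname>" (not real traffic)
SAMPLE_DNS_LOG = """\
1623751200 10.0.0.5 www.example.com
1623751201 10.0.0.5 mail.google.com
1623751202 10.0.0.7 xk3j9qz7pv2mw8rt.com
1623751203 10.0.0.7 qwpzxvbnmlkjhgfd.net
1623751204 10.0.0.9 cdn.cloudflare.net
1623751205 10.0.0.7 a1b2c3d4e5f6g7h8.org
"""

def registered_label(qname):
    """Label left of the TLD (naive: treats the last label as the suffix)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def shannon_entropy(s):
    """Bits of entropy per character; random-looking DGA labels score high."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def lexical_features(label):
    vowels = sum(ch in "aeiou" for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    runs = re.findall(r"[bcdfghjklmnpqrstvwxyz]+", label)
    return {
        "length": len(label),
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowels / len(label),
        "digit_ratio": digits / len(label),
        "longest_consonant_run": max((len(r) for r in runs), default=0),
    }

def dga_score(label):
    """Count of DGA-like indicators (0-5); thresholds are assumed, not tuned."""
    f = lexical_features(label)
    checks = (f["entropy"] > 3.5, f["vowel_ratio"] < 0.25, f["digit_ratio"] > 0.3,
              f["longest_consonant_run"] >= 5, f["length"] >= 12)
    return sum(checks)

def flag_suspicious(log_text, threshold=3):
    """Return (client, qname) pairs whose label meets the indicator threshold."""
    flagged = []
    for line in log_text.splitlines():
        _ts, client, qname = line.split()
        if dga_score(registered_label(qname)) >= threshold:
            flagged.append((client, qname))
    return flagged

if __name__ == "__main__":
    for client, qname in flag_suspicious(SAMPLE_DNS_LOG):
        print(f"{client} queried DGA-like name {qname}")
```

Running it flags the three random-looking names queried by 10.0.0.7 and leaves the benign names alone; a single client repeatedly resolving such names is the pattern worth escalating.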
Authors
- Tim Kelley (Letterkenny Institute of Technology)
- Eoghan Furey (Letterkenny Institute of Technology)
Topic Areas
AI and Machine Learning, Cyber security, Network Security
Session
Th1b » Cybersecurity I (10:30 - Thursday, 21st June, 02.016 (Ashby))
Presentation Files
The presenter has not uploaded any presentation files.