| Presentation | 2015-03-03 A detection system which uses DNS traffic features to detect domains which are related to botnets Wataru TSUDA, Youki KADOBAYASHI, Takeshi OKUDA, Hiroaki HAZEYAMA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | We face cyber attacks such as illegal money transfer via net-banking, spam mail and DDoS attacks caused by botnet. In this research, we propose a novel detection system called Domain Forest for detecting botnet-related domain names using traffic analysis. Domain Forest system aims to detect not only specific botnet, but also many variations of it. To accomplish this objective, we apply many kinds of features based on periodicity, similarity, simultaneity, rendundancy and locality from DNS response packet. We experimented with one month of real DNS traffic data, and our system achieved 99.24% detection rates and 0.53% false positive rates. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | malware / botnet / dns / machine learning |
| Paper # | ICSS2014-63 |
| Date of Issue |
| Conference Information | |
| Committee | ICSS |
|---|---|
| Conference Date | 2015/2/24(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Information and Communication System Security (ICSS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A detection system which uses DNS traffic features to detect domains which are related to botnets |
| Sub Title (in English) | |
| Keyword(1) | malware |
| Keyword(2) | botnet |
| Keyword(3) | dns |
| Keyword(4) | machine learning |
| 1st Author's Name | Wataru TSUDA |
| 1st Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology() |
| 2nd Author's Name | Youki KADOBAYASHI |
| 2nd Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology |
| 3rd Author's Name | Takeshi OKUDA |
| 3rd Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology |
| 4th Author's Name | Hiroaki HAZEYAMA |
| 4th Author's Affiliation | Graduate School of Information Science, Nara Institute of Science and Technology |
| Date | 2015-03-03 |
| Paper # | ICSS2014-63 |
| Volume (vol) | vol.114 |
| Number (no) | 489 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |