
Malicious Automatically Generated Domain Name Detection Using Stateful-SBB

  • Conference paper
Applications of Evolutionary Computation (EvoApplications 2013)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 7835)

Abstract

This work investigates the detection of botnet Command and Control (C&C) activity by monitoring Domain Name System (DNS) traffic. Detection signatures are generated automatically using an evolutionary computation technique based on Stateful-SBB. The evaluation shows that the proposed system can operate directly on raw, variable-length domain name strings with very high accuracy.




Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Haddadi, F., Kayacik, H.G., Zincir-Heywood, A.N., Heywood, M.I. (2013). Malicious Automatically Generated Domain Name Detection Using Stateful-SBB. In: Esparcia-Alcázar, A.I. (eds) Applications of Evolutionary Computation. EvoApplications 2013. Lecture Notes in Computer Science, vol 7835. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37192-9_53


  • DOI: https://doi.org/10.1007/978-3-642-37192-9_53

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37191-2

  • Online ISBN: 978-3-642-37192-9

  • eBook Packages: Computer Science (R0)