Thriving on chaos: Proactive detection of command and control domains in internet of things-scale botnets using DRIFT
- Authors
- Spaulding, J.; Park, J.; Kim, J.; Nyang, D.; Mohaisen, A.
- Issue Date
- Apr-2019
- Publisher
- WILEY-BLACKWELL
- Citation
- TRANSACTIONS ON EMERGING TELECOMMUNICATIONS TECHNOLOGIES, v.30, no.4
- Journal Title
- TRANSACTIONS ON EMERGING TELECOMMUNICATIONS TECHNOLOGIES
- Volume
- 30
- Number
- 4
- URI
- https://scholarworks.bwise.kr/cau/handle/2019.sw.cau/1890
- DOI
- 10.1002/ett.3505
- ISSN
- 2161-3915
- Abstract
- In this paper, we introduce DRIFT, a system for detecting command and control (C2) domain names in Internet of Things–scale botnets. Using an intrinsic feature of malicious domain name queries prior to their registration (perhaps due to clock drift), we devise a difference-based lightweight feature for malicious C2 domain name detection. Using NXDomain query and response of a popular malware, we establish the effectiveness of our detector with 99% accuracy and as early as more than 48 hours before they are registered. Our technique serves as a tool of detection where other techniques relying on entropy or domain generating algorithms reversing are impractical. © 2018 John Wiley & Sons, Ltd.
- Files in This Item
-
- Appears in
Collections - College of Software > School of Computer Science and Engineering > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.