Thriving on chaos: Proactive detection of command and control domains in internet of things‐scale botnets using DRIFT. Issue 4 (29th August 2018)
- Record Type:
- Journal Article
- Title:
- Thriving on chaos: Proactive detection of command and control domains in internet of things‐scale botnets using DRIFT. Issue 4 (29th August 2018)
- Main Title:
- Thriving on chaos: Proactive detection of command and control domains in internet of things‐scale botnets using DRIFT
- Authors:
- Spaulding, Jeffrey
Park, Jeman
Kim, Joongheon
Nyang, DaeHun
Mohaisen, Aziz
- Abstract:
- In this paper, we introduce DRIFT, a system for detecting command and control (C2) domain names in Internet of Things–scale botnets. Using an intrinsic feature of malicious domain name queries prior to their registration (perhaps due to clock drift), we devise a difference‐based lightweight feature for malicious C2 domain name detection. Using NXDomain query and response of a popular malware, we establish the effectiveness of our detector with 99% accuracy and as early as more than 48 hours before they are registered. Our technique serves as a tool of detection where other techniques relying on entropy or domain generating algorithms reversing are impractical.
- Is Part Of:
- Transactions on emerging telecommunications technologies. Volume 30:Issue 4(2019)
- Journal:
- Transactions on emerging telecommunications technologies
- Issue:
- Volume 30:Issue 4(2019)
- Issue Display:
- Volume 30, Issue 4 (2019)
- Year:
- 2019
- Volume:
- 30
- Issue:
- 4
- Issue Sort Value:
- 2019-0030-0004-0000
- Page Start:
- n/a
- Page End:
- n/a
- Publication Date:
- 2018-08-29
- Subjects:
- Telecommunication -- Periodicals
384.05
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1541-8251
http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)2161-3915
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/ett.3505
- Languages:
- English
- ISSNs:
- 2161-5748
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 9832.xml