Detecting algorithmically generated malicious domain names

Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Volumn , Issue , 2010, Pages 48-61

  Yadav, Sandeep ^a   Reddy, Ashwath K K ^a   Reddy, A L Narasimha ^a   Ranjan, Supranamaya ^b  

^a Texas AandM University   (United States)

^b Narus Inc   (United States)

Author keywords

Components; Domain flux; Domain names; Edit distance; Entropy; IP Fast Flux; Jaccard Index; Malicious

Indexed keywords

ENTROPY; INTERNET PROTOCOLS;

BOTNETS; COMPONENT; DOMAIN FLUXES; DOMAIN NAMES; DOMAIN-FLUXING; EDIT DISTANCE; FAST FLUX; IP FAST FLUX; JACCARD INDEX; MALICIOUS;

BOTNET;

EID: 78650869579     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1879141.1879148     Document Type: Conference Paper

References (34)

1. Botlab. http://botlab.cs.washington.edu/.
2. Mcafee site advisor. http://www.siteadvisor.com.
3. On kraken and bobax botnets. http://www.damballa.com/downloads/r-pubs/ Kraken-Response.pdf.
4. On the kraken and bobax botnets. http://www.damballa.com/downloads/r- pubs/Kraken-Response.pdf.
5. Pc tools experts crack new kraken. http://www.pctools.com/news/view/id/ 202/.
6. Twitter api still attracts hackers. http://blog.unmaskparasites.com/2009/ 12/09/twitter-api-still-attracts-hackers/.
7. Web of trust. http://mywot.com.
8. Win32/hamewq. http: //www.microsoft.com/security/portal/Threat/ Encyclopedia/Entry.aspx?Name=Win32/Hamweq.
9. Yahoo webspam database. http://barcelona.research.yahoo.net/webspam/ datasets/uk2007/.
10. A. Bratko, G. V. Cormack, B. Filipic, T. R. Lynam, and B. Zupan. Spam filtering using statistical data compression models. Journal of Machine Learning Research 7, 2006.
11. T. Cover and J. Thomas. Elements of information theory. Wiley, 2006.
12. H. Crawford and J. Aycock. Kwyjibo: Automatic Domain Name Generation. In Software Practice and Experience, John Wiley & Sons, Ltd., 2008.
13. S. Gianvecchio, M. Xie, Z. Wu, and H. Wang. Measurement and Classification of Humans and Bots in Internet Chat. In Proceedings of the 17th USENIX Security Symposium (Security '08), 2008.
14. G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering Analysis of Network Traffic for Protocoland Structure-independent Botnet Detection. Proceedings of the 17th USENIX Security Symposium (Security'08), 2008.
15. G. Gu, J. Zhang, and W. Lee. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. Proc. of the 15th Annual Network and Distributed System Security Symposium (NDSS'08), Feb. 2008.
16. T. Holz, M. Steiner, F. Dahl, E. W. Biersack, and F. Freiling. Measurements and Mitigation of Peer-to-peer-based Botnets: A Case Study on Storm Worm. In First Usenix Workshop on Large-scale Exploits and Emergent Threats (LEET), April 2008.
17. S. S. J. Ma, L.K. Saul and G. Voelker. Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs. Proc. of ACM KDD, July 2009.
18. R. T. Jerome Friedman, Trevor Hastie. glmnet: Lasso and Elastic-net Regularized Generalized Linear Models. Technical report.
19. J. P. John, A. MoshChuck, S. D. Gribble, and A. Krishnamurthy. Studying Spamming Botnets Using Botlab. Proc. of NSDI, 2009.
20. M. Konte, N. Feamster, and J. Jung. Dynamics of Online Scam Hosting Infrastructure. Passive and Active Measurement Conference, 2009.
21. C. D. Manning, P. Raghavan, and H. Schutze. An Information to Information Retrieval. Cambridge University Press, 2009.
22. D. K. McGrath and M. Gupta. Behind Phishing: An Examination of Phisher Modi Operandi. Proc. of USENIX workshop on Large-scale Exploits and Emergent Threats (LEET), Apr. 2008.
23. E. Passerini, R. Paleari, L. Martignoni, and D. Bruschi. Fluxor : Detecting and Monitoring Fast-flux Service Networks. Detection of Intrusions and Malware, and Vulnerability Assessment, 2008.
24. R. Perdisci, I. Corona, D. Dagon, and W. Lee. Detecting Malicious Flux Service Networks Through Passive Analysis of Recursive DNS Traces. In Annual Computer Society Security Applications Conference (ACSAC), dec 2009.
25. R. Perdisci, G. Gu, and W. Lee. Using an Ensemble of One-class SVM Classifiers to Harden Payload-based Anomaly Detection Systems. In Proceedings of the IEEE International Conference on Data Mining (ICDM '06), 2006.
26. P. Porras, H.Saidi, and V. Yegneswaran. Conflicker C P2P Protocol and Implementation. SRI International Tech. Report, Sep. 2009.
27. P. Porras, H. Saidi, and V. Yegneswaran. An Analysis of Conficker's Logic and Rendezvous Points. Technical report, mar 2009.
28. P. Porras, H. Saidi, and V. Yegneswaran. Conficker C Analysis. Technical report, apr 2009.
29. J. Stewart. Inside the Storm: Protocols and Encryption of the Storm Botnet. Black Hat Technical Security Conference, USA, 2008.
30. B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna. Your Botnet is my Botnet: Analysis of a Botnet Takeover. In ACM Conference on Computer and Communications Security (CCS), nov 2009.
31. H. L. V. Trees. Detection, Estimation and Modulation Theory. Wiley, 2001.
32. I. Trestian, S. Ranjan, A. Kuzmanovic, and A. Nucci. Unconstrained Endpoint Profiling: Googling the Internet. In ACM SIGCOMM, aug 2008.
33. Y. Xie, F. Yu, K. Achan, R. Panigrahy, G. Hulten, and I. Osipkov. Spamming Botnets: Signatures and Characteristics. ACM SIGCOMM Computer Communication Review, 2008.
34. Y. Zhao, Y. Xie, F. Yu, Q. Ke, Y. Yu, Y. Chen, and E. Gillum. Botgraph: Large Scale Spamming Botnet Detection. USENIX Symposium on Networked Systems and Design Implementation (NSDI '09), 2009.