Title: Host-Level Botnet Detection via Internet DNS Traffic Analysis Using Neural Networks
Authors: H. G. Mohan, Jalesh Kumar, M. Nandish
Journal: Internet Technology Letters, volume 8, issue 5 (JCR Q4, Telecommunications; impact factor 0.5)
Publication type: Journal Article
Publication date: 2025-07-29
DOI: 10.1002/itl2.70101
URL: https://onlinelibrary.wiley.com/doi/10.1002/itl2.70101
Open access: no
Citation count: 0
Abstract
Botnets remain one of the most significant threats in Internet security, performing large-scale attacks such as distributed denial of service (DDoS), data exfiltration, and financial fraud. Detecting botnet activity at the host level is crucial for early mitigation, particularly by analyzing anomalies in domain name system (DNS) query sequences. This study proposes a deep learning-based DNS sequence analysis that leverages Bidirectional Gated Recurrent Units (BiGRU) to identify deviations in DNS query behavior indicative of botnet activity. The model learns temporal patterns in DNS sequences, distinguishing legitimate traffic from botnet-generated queries by capturing contextual dependencies over time. The proposed approach is trained and evaluated on the UNSW-NB15 dataset. The performance assessment of the proposed model demonstrates its effectiveness in detecting botnets with an accuracy of 99.22%. A comparative analysis with existing approaches highlights the improvement in detection accuracy together with a low misclassification rate.