Authors: Tim Kelley, Eoghan Furey
Published in: 2018 29th Irish Signals and Systems Conference (ISSC), 2018-06-01
DOI: 10.1109/ISSC.2018.8585344 (https://doi.org/10.1109/ISSC.2018.8585344)
Citation count: 12
Source: Semanticscholar
Getting Prepared for the Next Botnet Attack : Detecting Algorithmically Generated Domains in Botnet Command and Control
This paper highlights the high noise-to-signal ratio that DNS traffic poses to network defense's incident detection and response, and the broader topic of the critical time component required from intrusion detection for actionable security intelligence. Nowhere is this truer than in the monitoring and interception of malware command and control communications hidden amongst benign DNS internet traffic. Global ransomware and malware families were responsible for over 5 billion USD in losses. In 4 days Reaper, a Mirai variant, infected 2.7m nodes. The scale of malware infections outstrips the ability of information security blacklisting to keep pace. Machine learning techniques, such as CLIP, provide the ability to detect malware traffic to malicious command and control domains with high reliability using lexical properties and semantic patterns in algorithmically generated domain names.