4
views
0
recommends
+1 Recommend
0 collections
    0
    shares
      • Record: found
      • Abstract: found
      • Article: found
      Is Open Access

      Encrypted and Covert DNS Queries for Botnets: Challenges and Countermeasures

      Preprint
      , ,

      Read this article at

      Bookmark
          There is no author summary for this article yet. Authors can add summaries to their articles on ScienceOpen to make them more accessible to a non-specialist audience.

          Abstract

          There is a continuous increase in the sophistication that modern malware exercise in order to bypass the deployed security mechanisms. A typical approach to evade the identification and potential takedown of a botnet command and control server is domain fluxing through the use of Domain Generation Algorithms (DGAs). These algorithms produce a vast amount of domain names that the infected device tries to communicate with to find the C&C server, yet only a small fragment of them is actually registered. This allows the botmaster to pivot the control and make the work of seizing the botnet control rather difficult. Current state of the art and practice considers that the DNS queries performed by a compromised device are transparent to the network administrator and therefore can be monitored, analysed, and blocked. In this work, we showcase that the latter is a strong assumption as malware could efficiently hide its DNS queries using covert and/or encrypted channels bypassing the detection mechanisms. To this end, we discuss possible mitigation measures based on traffic analysis to address the new challenges that arise f

          Related collections

          Most cited references19

          • Record: found
          • Abstract: not found
          • Article: not found

          DDoS in the IoT: Mirai and Other Botnets

            Bookmark
            • Record: found
            • Abstract: not found
            • Article: not found

            The Economics of Online Crime

              Bookmark
              • Record: found
              • Abstract: not found
              • Article: not found

              Detecting Algorithmically Generated Domain-Flux Attacks With DNS Traffic Analysis

                Bookmark

                Author and article information

                Journal
                16 September 2019
                Article
                10.1016/j.cose.2019.101614
                1909.07099
                bec84736-2070-463a-8711-0851351fc376

                http://arxiv.org/licenses/nonexclusive-distrib/1.0/

                Custom metadata
                cs.CR

                Security & Cryptology
                Security & Cryptology

                Comments

                Comment on this article