ISBN: (print) 9783319597676
A new information technology for botnet detection, based on analysis of botnet behaviour in a corporate area network, is proposed. Detection is performed by combining two approaches: network-level and host-level analysis. One approach analyzes the behaviour of software on the host, which may directly indicate the presence of a bot on that host and identify malicious software; the other monitors and analyzes DNS traffic, which allows conclusions to be drawn about whether network hosts are infected with bots of a botnet. Based on this information technology, an effective botnet detection tool, BotGRABBER, was constructed. It is able to detect bots that use evasion techniques such as cycling of IP mapping, "domain flux", "fast flux", and DNS tunneling. Use of the developed system makes it possible to detect hosts infected by botnet bots with high efficiency.