FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W1561983441> ?p ?o ?g. }

• W1561983441 endingPage "24" @default.
• W1561983441 startingPage "24" @default.
• W1561983441 abstract "Many botnet detection systems employ a blacklist of known command and control (C&C) domains to detect bots and block their traffic. Similar to signature-based virus detection, such a botnet detection approach is static because the blacklist is updated only after running an external (and often manual) process of domain discovery. As a response, botmasters have begun employing domain generation algorithms (DGAs) to dynamically produce a large number of random domain names and select a small subset for actual C&C use. That is, a C&C domain is randomly generated and used for a very short period of time, thus rendering detection approaches that rely on static domain lists ineffective. Naturally, if we know how a domain generation algorithm works, we can generate the domains ahead of time and still identify and block bot-net C&C traffic. The existing solutions are largely based on reverse engineering of the bot malware executables, which is not always feasible.In this paper we present a new technique to detect randomly generated domains without reversing. Our insight is that most of the DGA-generated (random) domains that a bot queries would result in Non-Existent Domain (NXDomain) responses, and that bots from the same bot-net (with the same DGA algorithm) would generate similar NXDomain traffic. Our approach uses a combination of clustering and classification algorithms. The clustering algorithm clusters domains based on the similarity in the make-ups of domain names as well as the groups of machines that queried these domains. The classification algorithm is used to assign the generated clusters to models of known DGAs. If a cluster cannot be assigned to a known model, then a new model is produced, indicating a new DGA variant or family. We implemented a prototype system and evaluated it on real-world DNS traffic obtained from large ISPs in North America. We report the discovery of twelve DGAs. Half of them are variants of known (botnet) DGAs, and the other half are brand new DGAs that have never been reported before." @default.
• W1561983441 created "2016-06-24" @default.
• W1561983441 creator A5034623242 @default.
• W1561983441 creator A5035849898 @default.
• W1561983441 creator A5040090212 @default.
• W1561983441 creator A5045784124 @default.
• W1561983441 creator A5047140382 @default.
• W1561983441 creator A5067105657 @default.
• W1561983441 creator A5071832270 @default.
• W1561983441 date "2012-08-08" @default.
• W1561983441 modified "2023-09-29" @default.
• W1561983441 title "From throw-away traffic to bots: detecting the rise of DGA-based malware" @default.
• W1561983441 cites W1512251782 @default.
• W1561983441 cites W155384935 @default.
• W1561983441 cites W1583098994 @default.
• W1561983441 cites W1585610988 @default.
• W1561983441 cites W1775772884 @default.
• W1561983441 cites W1828150029 @default.
• W1561983441 cites W1875112053 @default.
• W1561983441 cites W1881647329 @default.
• W1561983441 cites W191098608 @default.
• W1561983441 cites W19161399 @default.
• W1561983441 cites W1954903228 @default.
• W1561983441 cites W196740607 @default.
• W1561983441 cites W1989401787 @default.
• W1561983441 cites W2024228866 @default.
• W1561983441 cites W2028911408 @default.
• W1561983441 cites W2100307718 @default.
• W1561983441 cites W2104209065 @default.
• W1561983441 cites W2111427271 @default.
• W1561983441 cites W2114590627 @default.
• W1561983441 cites W2124868070 @default.
• W1561983441 cites W2125838338 @default.
• W1561983441 cites W2136495567 @default.
• W1561983441 cites W2148323889 @default.
• W1561983441 cites W2165874743 @default.
• W1561983441 cites W2170214103 @default.
• W1561983441 cites W2280775762 @default.
• W1561983441 cites W2296396094 @default.
• W1561983441 cites W2401054255 @default.
• W1561983441 cites W2487087946 @default.
• W1561983441 cites W3119603699 @default.
• W1561983441 hasPublicationYear "2012" @default.
• W1561983441 type Work @default.
• W1561983441 sameAs 1561983441 @default.
• W1561983441 citedByCount "87" @default.
• W1561983441 countsByYear W15619834412013 @default.
• W1561983441 countsByYear W15619834412014 @default.
• W1561983441 countsByYear W15619834412015 @default.
• W1561983441 countsByYear W15619834412016 @default.
• W1561983441 countsByYear W15619834412017 @default.
• W1561983441 countsByYear W15619834412018 @default.
• W1561983441 countsByYear W15619834412019 @default.
• W1561983441 countsByYear W15619834412020 @default.
• W1561983441 countsByYear W15619834412021 @default.
• W1561983441 crossrefType "proceedings-article" @default.
• W1561983441 hasAuthorship W1561983441A5034623242 @default.
• W1561983441 hasAuthorship W1561983441A5035849898 @default.
• W1561983441 hasAuthorship W1561983441A5040090212 @default.
• W1561983441 hasAuthorship W1561983441A5045784124 @default.
• W1561983441 hasAuthorship W1561983441A5047140382 @default.
• W1561983441 hasAuthorship W1561983441A5067105657 @default.
• W1561983441 hasAuthorship W1561983441A5071832270 @default.
• W1561983441 hasConcept C110875604 @default.
• W1561983441 hasConcept C111919701 @default.
• W1561983441 hasConcept C119857082 @default.
• W1561983441 hasConcept C124101348 @default.
• W1561983441 hasConcept C134306372 @default.
• W1561983441 hasConcept C136764020 @default.
• W1561983441 hasConcept C154945302 @default.
• W1561983441 hasConcept C160145156 @default.
• W1561983441 hasConcept C22735295 @default.
• W1561983441 hasConcept C2781345505 @default.
• W1561983441 hasConcept C2988987868 @default.
• W1561983441 hasConcept C33923547 @default.
• W1561983441 hasConcept C35525427 @default.
• W1561983441 hasConcept C36503486 @default.
• W1561983441 hasConcept C38652104 @default.
• W1561983441 hasConcept C41008148 @default.
• W1561983441 hasConcept C506615639 @default.
• W1561983441 hasConcept C541664917 @default.
• W1561983441 hasConcept C73555534 @default.
• W1561983441 hasConcept C76155785 @default.
• W1561983441 hasConceptScore W1561983441C110875604 @default.
• W1561983441 hasConceptScore W1561983441C111919701 @default.
• W1561983441 hasConceptScore W1561983441C119857082 @default.
• W1561983441 hasConceptScore W1561983441C124101348 @default.
• W1561983441 hasConceptScore W1561983441C134306372 @default.
• W1561983441 hasConceptScore W1561983441C136764020 @default.
• W1561983441 hasConceptScore W1561983441C154945302 @default.
• W1561983441 hasConceptScore W1561983441C160145156 @default.
• W1561983441 hasConceptScore W1561983441C22735295 @default.
• W1561983441 hasConceptScore W1561983441C2781345505 @default.
• W1561983441 hasConceptScore W1561983441C2988987868 @default.
• W1561983441 hasConceptScore W1561983441C33923547 @default.
• W1561983441 hasConceptScore W1561983441C35525427 @default.
• W1561983441 hasConceptScore W1561983441C36503486 @default.
• W1561983441 hasConceptScore W1561983441C38652104 @default.

• next