Fan et al., 2022 - Google Patents
IoT botnet detection based on the behaviors of DNS queriesFan et al., 2022
- Document ID
- 9462879230520290895
- Author
- Fan C
- Shie C
- Hsu C
- Ban T
- Morikawa T
- Takahashi T
- Publication year
- Publication venue
- 2022 IEEE Conference on Dependable and Secure Computing (DSC)
External Links
Snippet
In recent years, the Botnet attacks towards the Internet of Things have been considered to be the attacks with the most extensive impact on internet infrastructure. Many well-known enterprises or organizations have become victims. The Internet of Things Botnet uses a …
- 230000006399 behavior 0 title abstract description 35
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L29/00—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents
- H04L29/12—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents characterised by the data terminal contains provisionally no documents
- H04L29/12009—Arrangements for addressing and naming in data networks
- H04L29/12047—Directories; name-to-address mapping
- H04L29/12056—Directories; name-to-address mapping involving standard directories and standard directory access protocols
- H04L29/12066—Directories; name-to-address mapping involving standard directories and standard directory access protocols using Domain Name System [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements or network protocols for addressing or naming
- H04L61/15—Directories; Name-to-address mapping
- H04L61/1505—Directories; Name-to-address mapping involving standard directories or standard directory access protocols
- H04L61/1511—Directories; Name-to-address mapping involving standard directories or standard directory access protocols using domain name system [DNS]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L29/00—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents
- H04L29/12—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents characterised by the data terminal contains provisionally no documents
- H04L29/12009—Arrangements for addressing and naming in data networks
- H04L29/12792—Details
- H04L29/1282—Proxying of addresses
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kumar et al. | Machine learning-based early detection of IoT botnets using network-edge traffic | |
| Bagui et al. | Using machine learning techniques to identify rare cyber‐attacks on the UNSW‐NB15 dataset | |
| Choi et al. | Identifying botnets by capturing group activities in DNS traffic | |
| Al-Hammadi et al. | DCA for bot detection | |
| Hofstede et al. | Flow-based web application brute-force attack and compromise detection | |
| Patel et al. | Network Anomaly Detection inside Consumer Networks—A Hybrid Approach. | |
| Rahbarinia et al. | Peerrush: Mining for unwanted p2p traffic | |
| Dwyer et al. | Profiling iot-based botnet traffic using dns | |
| Lu et al. | BotCop: An online botnet traffic classifier | |
| Khan et al. | A hybrid technique to detect botnets, based on P2P traffic similarity | |
| Thomas | Improving intrusion detection for imbalanced network traffic | |
| Jia et al. | A novel real‐time ddos attack detection mechanism based on MDRA algorithm in big data | |
| Mangrulkar et al. | Network attacks and their detection mechanisms: A review | |
| Lazar et al. | IMDoC: identification of malicious domain campaigns via DNS and communicating files | |
| Jiang et al. | Novel intrusion prediction mechanism based on honeypot log similarity | |
| Garasia et al. | HTTP botnet detection using frequent patternset mining | |
| Yang et al. | Detecting DNS tunnels using session behavior and random forest method | |
| Bao et al. | Using passive DNS to detect malicious domain name | |
| Moure-Garrido et al. | Real time detection of malicious DoH traffic using statistical analysis | |
| Nalavade et al. | Mining association rules to evade network intrusion in network audit data | |
| Ongun et al. | PORTFILER: port-level network profiling for self-propagating malware detection | |
| Rosenthal et al. | ARBA: Anomaly and reputation based approach for detecting infected IoT devices | |
| Lah et al. | Proposed framework for network lateral movement detection based on user risk scoring in siem | |
| Haddadi et al. | Botnet behaviour analysis: How would a data analytics‐based system with minimum a priori information perform? | |
| Ozery et al. | Information based heavy hitters for real-time DNS data exfiltration detection |