Popularity-based Detection of Domain Generation Algorithms

Title: Popularity-based Detection of Domain Generation Algorithms: Or: How to detect botnets?
Author: Abbink, Jasper (TU Delft Electrical Engineering, Mathematics and Computer Science; TU Delft Cyber Security)
Contributor: Doerr, Christian (mentor); van der Lubbe, Jan (graduation committee); Liem, Cynthia (graduation committee)
Degree granting institution: Delft University of Technology
Date: 2017-09-19

Abstract

In order to stay undetected and keep their operations alive, cyber criminals are continuously evolving their methods to stay ahead of current best defense practices. Over the past decade, botnets have developed from using statically hardcoded IP addresses and domain names to randomly-generated ones, so-called domain generation algorithms (DGA). Malicious software coordinated via DGAs leaves however a distinctive signature in network traces of high entropy domain names, and a variety of algorithms have been introduced to detect certain aspects about currently used DGAs. Today's detection mechanisms are evaluated for botnets that make the next obvious evolutionary step, and replace domain names generated from random letters with randomly selected, but actual dictionary words. It can be seen that the performance of state-of-the-art solutions that rely on linguistic feature detection would significantly decline after this transition, and an alternative novel approach to detect DGAs without making any assumptions on the internal structure and generating patterns of these algorithms is proposed.

Subject: domain-generation algorithm; DNS traffic analysis
To reference this document use: http://resolver.tudelft.nl/uuid:17245d31-4cbe-4f25-b92a-5b8bb481a85a
Part of collection: Student theses
Document type: master thesis
Rights: © 2017 Jasper Abbink
Files: thesis.pdf (PDF, 1.67 MB)