Abstract
We discovered and reverse engineered Feederbot, a botnet that uses DNS as a carrier for its command and control (C&C). Using k-Means clustering and a Euclidean Distance based classifier, we correctly classified more than 14m DNS transactions of 42,143 malware samples with respect to DNS C&C usage, revealing another bot family with DNS C&C. In addition, we correctly detected DNS C&C in mixed office workstation network traffic.
Original language | English |
---|---|
Title of host publication | 2011 7th European Conference on Computer Network Defense, EC2ND 2011 (Proceedings) |
Publisher | IEEE |
Pages | 9-16 |
Number of pages | 8 |
ISBN (Print) | 9780769547626 |
Publication status | Published - 13 Dec 2012 |
Event | 2011 7th European Conference on Computer Network Defense, EC2ND 2011 - Gothenburg, Sweden; Duration: 6 Sept 2011 → 7 Sept 2011 |
Conference
Conference | 2011 7th European Conference on Computer Network Defense, EC2ND 2011 |
---|---|
Country/Territory | Sweden |
City | Gothenburg |
Period | 6/09/11 → 7/09/11 |
Keywords
- botnet detection
- command and control
- dns
- malware detection