Nizar Kheir, F. Tran, Pierrette Caron
Jun 2, 2014
Citations
3
Influential Citations
25
Citations
Journal
Journal name not available for this finding
Abstract
The Domain Name System (DNS) is an essential infrastructure service on the internet. It provides a worldwide mapping between easily memorizable domain names and numerical IP addresses. Today, legitimate users and malicious applications use this service to locate content on the internet. Yet botnets increasingly rely on DNS to connect to their command and control servers. A widespread approach to detect bot infections inside corporate networks is to inspect DNS traffic using domain CC and current blacklist generation algorithms often add innocuous domains that lead to a large number of false positives during detection.