{"title":"基于DNS查询行为的物联网僵尸网络检测","authors":"Chun-I Fan, Cheng-Han Shie, Che-Ming Hsu, Tao Ban, Tomohiro Morikawa, Takeshi Takahashi","doi":"10.1109/DSC54232.2022.9888913","DOIUrl":null,"url":null,"abstract":"In recent years, the Botnet attacks towards the Internet of Things have been considered to be the attacks with the most extensive impact on internet infrastructure. Many well-known enterprises or organizations have become victims. The Internet of Things Botnet uses a large number of connected devices to attack a target. For example, infected devices can be used to perform DDoS attacks on certain (critical) network servers. Before the infected hosts receive any commands, they must obtain the IP address of the control and command server. Hence, there are lots of behaviors and information of IoT Botnet hiding in the DNS traffic. Considering that situation, we utilize features captured from the DNS queries to analyze whether IoT Botnet has infected a device or not. We found that the DNS queries of an infected device will be issued in a specific periodical time frequency. Based on the features, a novel IoT Bonet detection scheme is presented in the manuscript. As compared to other works, the proposed scheme significantly reduces the computation cost by applying Shannon's entropy and the variances among the DNS queries.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"IoT Botnet Detection Based on the Behaviors of DNS Queries\",\"authors\":\"Chun-I Fan, Cheng-Han Shie, Che-Ming Hsu, Tao Ban, Tomohiro Morikawa, Takeshi Takahashi\",\"doi\":\"10.1109/DSC54232.2022.9888913\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, the Botnet attacks towards the Internet of Things have been considered to be the attacks with the most extensive impact on internet infrastructure. Many well-known enterprises or organizations have become victims. The Internet of Things Botnet uses a large number of connected devices to attack a target. For example, infected devices can be used to perform DDoS attacks on certain (critical) network servers. Before the infected hosts receive any commands, they must obtain the IP address of the control and command server. Hence, there are lots of behaviors and information of IoT Botnet hiding in the DNS traffic. Considering that situation, we utilize features captured from the DNS queries to analyze whether IoT Botnet has infected a device or not. We found that the DNS queries of an infected device will be issued in a specific periodical time frequency. Based on the features, a novel IoT Bonet detection scheme is presented in the manuscript. As compared to other works, the proposed scheme significantly reduces the computation cost by applying Shannon's entropy and the variances among the DNS queries.\",\"PeriodicalId\":368903,\"journal\":{\"name\":\"2022 IEEE Conference on Dependable and Secure Computing (DSC)\",\"volume\":\"2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-06-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE Conference on Dependable and Secure Computing (DSC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DSC54232.2022.9888913\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSC54232.2022.9888913","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
IoT Botnet Detection Based on the Behaviors of DNS Queries
In recent years, the Botnet attacks towards the Internet of Things have been considered to be the attacks with the most extensive impact on internet infrastructure. Many well-known enterprises or organizations have become victims. The Internet of Things Botnet uses a large number of connected devices to attack a target. For example, infected devices can be used to perform DDoS attacks on certain (critical) network servers. Before the infected hosts receive any commands, they must obtain the IP address of the control and command server. Hence, there are lots of behaviors and information of IoT Botnet hiding in the DNS traffic. Considering that situation, we utilize features captured from the DNS queries to analyze whether IoT Botnet has infected a device or not. We found that the DNS queries of an infected device will be issued in a specific periodical time frequency. Based on the features, a novel IoT Bonet detection scheme is presented in the manuscript. As compared to other works, the proposed scheme significantly reduces the computation cost by applying Shannon's entropy and the variances among the DNS queries.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
