Classification of DGA botnet detection techniques based on DNS traffic and parallel detection technique for DGA botnet

Abstract

Botnets like Torpig, Conficker, Gameover Zeus, etc., use a domain generation algorithm (DGA) to hide their identity and protect themselves from being detected. For a botnet to work successfully, the botmaster has to send and receive commands to the bots through a command and control (C&C) server. In the case of a DGA botnet, bots use the DGA to reach the C&C server. Since the domain name of the C&C server changes from time to time, detection of a DGA botnet becomes difficult. Existing DGA bot detection techniques have a high false positive rate, greater time complexity, and require human intervention to carry out the detection. Therefore, the proposed work uses a genetic algorithm and a parallel detection technique for DGA botnet detection. The genetic algorithm accounts for the dynamic nature of the DGA botnet; hence, it reduces the false positive rate and also eliminates the need for human intervention. The parallel detection in the proposed work helps in reducing the time complexity. The proposed work also gives a taxonomy of DGA botnet detection techniques based on domain name system (DNS) traffic.

Cite

Mathew, S. E., & Pauline, A. (2021). Classification of DGA botnet detection techniques based on DNS traffic and parallel detection technique for DGA botnet. In Advances in Intelligent Systems and Computing (Vol. 1167, pp. 297–304). Springer. https://doi.org/10.1007/978-981-15-5285-4_29
