master_thesis/Thesis/content/abstract.tex
2018-02-01 01:40:07 +01:00


\section*{Abstract}
\label{sec:Abstract}
In recent years, botnet authors have discovered another approach to financially benefit from their malicious networks. Ransomware like CryptoLocker and WannaCry infected hundreds of thousands of machines within days and encrypted data belonging to both companies and individuals. To build those network structures, malware authors leverage the Domain Name System (DNS). Previous work such as \textit{Notos} \fsCite{Antonakakis:2010:BDR:1929820.1929844}, \textit{Exposure} \fsCite{Bilge11exposure:finding} and \fsCite{Antonakakis:2011:DMD:2028067.2028094} has shown that characteristics of how DNS resources are allocated can distinguish legitimate from malicious usage. This work evaluates different approaches that use machine learning and passive DNS data to detect domains used for malicious activities at an early stage, before their maliciousness becomes widely known and traditional approaches can stop further propagation of the malware. By combining the advantages of different approaches, a proof-of-concept implementation of a dynamic domain reputation scoring algorithm has been developed. This work proposes an implementation that uses a passive DNS database and has been optimised to efficiently handle large amounts of traffic.