Detecting Botnet Activities Based on Abnormal DNS Traffic
Source: Universiti Sains Malaysia
The botnet is considered as a critical issue of the Internet due to its fast growing mechanism and affect. Recently, Botnets have utilized the DNS and query DNS server just like any legitimate hosts. In this case, it is difficult to distinguish between the legitimate DNS traffic and illegitimate DNS traffic. It is important to build a suitable solution for botnet detection in the DNS traffic and consequently protect the network from the malicious Botnets activities. In this paper, a simple mechanism is proposed to monitor the DNS traffic and detect the abnormal DNS traffic issued by the botnet based on the fact that botnets appear as a group of hosts periodically.