Innovative Information Science & Technology Research Group (ISYOU)
In recent years, an increasing number of botnets have used Domain Generation Algorithms (DGAs) to bypass botnet detection systems. DGAs, also referred to as "Domain fluxing", have been used since 2004 for botnet controllers and have now become an emerging trend for malware. A DGA can dynamically and frequently generate a large number of random domain names, which are used to evade detection and blocking by security systems. In this paper, the authors present a new technique to detect DGAs using DNS NXDomain traffic.