Authors
Reza Sharifnya, Mahdi Abadi
Publication date
2013/10/31
Conference
2013 3th International Conference on Computer and Knowledge Engineering (ICCKE)
Pages
417–423
Publisher
IEEE
Description
A botnet is a network of compromised hosts (bots) remotely controlled by a so-called bot herder through one or more command and control (C&C) servers. New generation botnets, such as Conficker and Murofet, tend to use a form of domain fluxing for command and control. Each domain fluxing bot generates a list of domain names using a domain name generation algorithm (DGA) and queries each of them until one of them is resolved to a C&C server. Since the bot herder registers only a few of these domain names, the domain fluxing bots generate many failed DNS queries. Even though some efforts have been focused on the detection of DGA-based botnets, none of them considers the history of suspicious activities. This gives the detection system a potentially high false alarm rate. In this paper, we propose a novel reputation system to detect DGA-based botnets. Our main goal is to automatically assign …
Total citations
[Chart: citations per year, 2013–2024]