Botnets Detection in DNS logs using machine learning


Abstract:

Botnet detection is a computationally expensive problem for which no deterministic solution exists yet. The scientific problem that arises is how to define a procedure for botnet detection with limited resources. In this paper, a botnet detection method based on machine learning is formalized and evaluated. The proposal makes use of Splunk, a tool that allowed us to apply the Random Forest algorithm to DNS logs in order to detect connections to CC (command-and-control) servers. The resulting procedure complements the use of machine learning with verification against other data sources to improve the results. The results showed an error margin of +/- 5.44 for the 18,748,713 events that were analyzed. In this way, the validity of the proposal was demonstrated.

Year of publication:

2019

Keywords:

  • RandomForest
  • DNS server
  • security
  • Machine learning
  • Botnet attack

Source:

Scopus

Document type:

Conference Object

Status:

Restricted access

Knowledge areas:

  • Machine learning
  • Computer science

Subject areas:

  • Computer science