@inproceedings{0b1f2dc0084b4ce0b7a351497ca44b30,
title = "Getting Prepared for the Next Botnet Attack: Detecting Algorithmically Generated Domains in Botnet Command and Control",
abstract = "This paper highlights the high noise-to-signal ratio that DNS traffic poses to network defense's incident detection and response, and the broader topic of the critical time component required from intrusion detection for actionable security intelligence. Nowhere is this truer than in the monitoring and interception of malware command and control communications hidden amongst benign DNS internet traffic. Global ransomware and malware families were responsible for over 5 billion USD in losses. In 4 days, Reaper, a Mirai variant, infected 2.7m nodes. The scale of malware infections outstrips the ability of information security blacklisting to keep pace. Machine learning techniques, such as CLIP, provide the ability to detect malware traffic to malicious command and control domains with high reliability using lexical properties and semantic patterns in algorithmically generated domain names.",
keywords = "CC, DNS, actionable intelligence, big data security analytics, botnet, dga, machine learning, n-gram",
author = "Tim Kelley and Eoghan Furey",
note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 29th Irish Signals and Systems Conference, ISSC 2018 ; Conference date: 21-06-2018 Through 22-06-2018",
year = "2018",
month = dec,
day = "20",
doi = "10.1109/ISSC.2018.8585344",
language = "English",
series = "29th Irish Signals and Systems Conference, ISSC 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
booktitle = "29th Irish Signals and Systems Conference, ISSC 2018",
}