Domain Name System (DNS) is a fundamental component of today's Internet: it provides mappings between domain names used by people and the corresponding IP addresses required by network protocols. However, the open and fundamental characteristics of DNS are recently used by the botnet for the communication between bots and C&C. In this paper, we select six kinds of special features of botnet domain querying traffic based on the deep studies of the DNS log. Then three popular classifiers are adopted in order to pick the malicious domains out from the DNS traffic using those features.
展开▼