Implementación y evaluación de algoritmos de detección de botnets basados en técnicas DGA en la red de comunicación de un Instituto de Educación Superior (IES).

Abstract

With the constant evolution of telecommunications networks and the exponential increase in Internet traffic, it is necessary to prevent increasingly sophisticated cyberattacks. DGAs is a technique that allows for the automatic and covert generation of malicious domains to control Bots and execute these attacks. It is proposed to implement two Botnets detection algorithms based on DGAs: MaldomDetector and masked N-grams. These algorithms use supervised machine learning and rely on the extraction of lexical and statistical features from domain names. To carry out the detection of mAGDs, the BNDF framework will be used as a base. However, as BNDF does not provide real-time results, an early detection module was developed to optimize the framework’s operation based on the selected detection algorithms. Different test scenarios were designed in controlled environments and on a real network. In the controlled scenarios, various evaluation metrics were used to determine the detection performance of the algorithms. In real network tests, DNS requests were analyzed alongside the predictions made by the algorithms, with the aim of evaluating the accuracy of the predictions. Finally, the computational resource usage required by each algorithm was evaluated. Masked N-grams demonstrated excellent performance in terms of classification, achieving a value of 85.09 % in all metrics. MaldomDetector showed a better processing time with 1.38 ms per domain, making it the best option for networks with limited resources.