06. November 2010 · Comments Off on Boffins devise early-warning bot spotter • The Register · Categories: blog · Tags: , , , ,

Boffins devise early-warning bot spotter • The Register.

Researchers at Texas A&M have written a paper proposing a method for Detecting Algorithmically Generated Malicious Domain Names. It focuses on detecting domain fluxing, a technique used by botnets such as Conficker.

The method uses techniques from signal detection theory and statistical learning to detect domain names generated from a variety of algorithms, including those based on pseudo-random strings, dictionary-based words, and words that are pronounceable but not in any dictionary. It has a 100-percent detection rate with no false positives when 500 domains are generated per top-level domain. When 50 domains are mapped to the same TLD, the 100-percent detection rate remains, but false positives jump to 15 percent.