Nguyen, VH and Shone, N (ORCID: 0000-0002-7920-9434) (2025) Detecting DGA-managed Thingbots Using DNS Traffic. Journal of Control Engineering and Applied Informatics, 27 (2). pp. 23-31. ISSN 1454-8658
Text: DGA-Thingbots.pdf - Accepted Version (412kB)
Abstract
Many Internet of Things devices have weak security by default, which is often exploited by malware to recruit such devices into Thingbots (a botnet comprised of Internet of Things devices). The concerning capabilities of Thingbots have been demonstrated by Mirai, which powered the largest Distributed Denial of Service (DDoS) attack ever recorded. Thingbots rely upon the number of devices, rather than their computational capacity. Hence, as more devices become Internet-enabled, the severity of this problem will only increase. However, the coordination of such a large and distributed system poses a challenge. One commonly utilised mechanism is Domain Generation Algorithms (DGAs), which can help attackers communicate with compromised devices whilst evading detection. Current detection systems are unsuitable for analysing high volumes of network traffic as they struggle to balance accuracy with the expected levels of privacy-preservation and performance. Many effective yet complex techniques, such as reverse engineering, are considered too costly in terms of time, resources and privacy. Other existing techniques tend to focus on post-event analysis, such as aggregation of non-existent domains or analysis of basic characteristics, but these often yield unacceptable delays or high false detection rates. As a solution to this problem, we present our novel technique for detecting DGA-managed Thingbots. We propose a solution that hybridises deep learning, shallow learning and morphological observations to monitor Domain Name System (DNS) traffic. Using real-world data, we demonstrate that the proposed approach can accurately identify DNS traffic symptomatic of DGA-based Thingbots, with low false detection rates.
| Item Type: | Article |
|---|---|
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
| Divisions: | Computer Science and Mathematics |
| Publisher: | Societatea Română de Automatică și Informatică Tehnică |
| Date of acceptance: | 2 June 2025 |
| Date of first compliant Open Access: | 13 November 2025 |
| Date Deposited: | 13 Nov 2025 14:35 |
| Last Modified: | 13 Nov 2025 14:45 |
| DOI or ID number: | 10.61416/ceai.v27i2.9302 |
| URI: | https://researchonline.ljmu.ac.uk/id/eprint/27392 |