{"id":1253,"date":"2021-01-15T22:35:04","date_gmt":"2021-01-15T20:35:04","guid":{"rendered":"http:\/\/journals.khnu.km.ua\/vestnik\/?p=1253"},"modified":"2021-03-03T15:05:33","modified_gmt":"2021-03-03T13:05:33","slug":"%d0%bc%d0%b5%d1%82%d0%be%d0%b4-%d1%82%d0%b0-%d0%b7%d0%b0%d1%81%d0%be%d0%b1%d0%b8-%d1%96%d0%b4%d0%b5%d0%bd%d1%82%d0%b8%d1%84%d1%96%d0%ba%d0%b0%d1%86%d1%96%d1%97-%d0%b1%d0%be%d1%82-%d0%bc%d0%b5%d1%80","status":"publish","type":"post","link":"https:\/\/journals.khnu.km.ua\/vestnik\/?p=1253","title":{"rendered":"\u041c\u0435\u0442\u043e\u0434 \u0442\u0430 \u0437\u0430\u0441\u043e\u0431\u0438 \u0456\u0434\u0435\u043d\u0442\u0438\u0444\u0456\u043a\u0430\u0446\u0456\u0457 \u0431\u043e\u0442-\u043c\u0435\u0440\u0435\u0436, \u0449\u043e \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u044e\u0442\u044c \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0456\u044e \u00ab\u0434\u0438\u043d\u0430\u043c\u0456\u0447\u043d\u0430 \u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0456\u044f \u0456\u0440-\u0430\u0434\u0440\u0435\u0441"},"content":{"rendered":"<p style=\"text-align: center;\">\u041c\u0415\u0422\u041e\u0414 \u0422\u0410 \u0417\u0410\u0421\u041e\u0411\u0418 \u0406\u0414\u0415\u041d\u0422\u0418\u0424\u0406\u041a\u0410\u0426\u0406\u0407 \u0411\u041e\u0422-\u041c\u0415\u0420\u0415\u0416, \u0429\u041e \u0412\u0418\u041a\u041e\u0420\u0418\u0421\u0422\u041e\u0412\u0423\u042e\u0422\u042c \u0422\u0415\u0425\u041d\u041e\u041b\u041e\u0413\u0406\u042e \u00ab\u0414\u0418\u041d\u0410\u041c\u0406\u0427\u041d\u0410 \u041f\u0415\u0420\u0415\u0410\u0414\u0420\u0415\u0421\u0410\u0426\u0406\u042f \u0406\u0420-\u0410\u0414\u0420\u0415\u0421\u00bb<\/p>\n<p style=\"text-align: center;\">METHOD AND SOFTWARE OF FAST-FLUX BOTNET DETECTION<\/p>\n<p><a href=\"http:\/\/journals.khnu.km.ua\/vestnik\/wp-content\/uploads\/2021\/01\/16-4.pdf\"><img src=\"http:\/\/journals.khnu.km.ua\/vestnik\/wp-content\/uploads\/2021\/01\/pdf.png\" \/><\/a> 
<strong>\u0421\u0442\u043e\u0440\u0456\u043d\u043a\u0438: 94-100. \u041d\u043e\u043c\u0435\u0440: \u21162, 2020 (283)<\/strong><\/p>\n<p><strong>\u0410\u0432\u0442\u043e\u0440\u0438:<\/strong><br \/>\n\u0421.\u041c. \u041b\u0418\u0421\u0415\u041d\u041a\u041e, \u0404.\u0421. \u0411\u0423\u0420\u0414\u0410\u0428<br \/>\n\u0425\u043c\u0435\u043b\u044c\u043d\u0438\u0446\u044c\u043a\u0438\u0439 \u043d\u0430\u0446\u0456\u043e\u043d\u0430\u043b\u044c\u043d\u0438\u0439 \u0443\u043d\u0456\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442<br \/>\nLYSENKO, Y. BURDASH<br \/>\nKhmelnytskyi National University<br \/>\n<strong>DOI:<\/strong> <a href=\"https:\/\/www.doi.org\/10.31891\/2307-5732-2020-283-2-94-100\">https:\/\/www.doi.org\/10.31891\/2307-5732-2020-283-2-94-100<\/a><\/p>\n<p><strong>\u0420\u0435\u0446\u0435\u043d\u0437\u0456\u044f\/Peer review :<\/strong> 25.4.2020 \u0440.<br \/>\n<strong>\u041d\u0430\u0434\u0440\u0443\u043a\u043e\u0432\u0430\u043d\u0430\/Printed :<\/strong> 16.6.2020 \u0440.<\/p>\n<p style=\"text-align: center;\"><strong>\u0410\u043d\u043e\u0442\u0430\u0446\u0456\u044f \u043c\u043e\u0432\u043e\u044e \u043e\u0440\u0438\u0433\u0456\u043d\u0430\u043b\u0443<\/strong><\/p>\n<p>\u0412 \u0440\u043e\u0431\u043e\u0442\u0456 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043e \u043c\u0435\u0442\u043e\u0434, \u0449\u043e \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u0454 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0456\u044e \u0434\u0438\u043d\u0430\u043c\u0456\u0447\u043d\u043e\u0457 \u201c\u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0456\u0457 \u0406\u0420-\u0430\u0434\u0440\u0435\u0441\u0456\u0432\u201d. 
\u0414\u0430\u043d\u0438\u0439 \u043c\u0435\u0442\u043e\u0434 \u0437\u043e\u0441\u0435\u0440\u0435\u0434\u0436\u0435\u043d\u0438\u0439 \u043d\u0430 \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u043d\u0456 \u0431\u043e\u0442-\u043c\u0435\u0440\u0435\u0436\u0456, \u0437\u0430 \u0434\u043e\u043f\u043e\u043c\u043e\u0433\u043e\u044e \u0441\u043a\u0430\u043d\u0443\u0432\u0430\u043d\u043d\u044f DNS \u0442\u0440\u0430\u0444\u0456\u043a\u0443 \u0442\u0430 \u043e\u0442\u0440\u0438\u043c\u0430\u043d\u043d\u044f \u0439\u043e\u0433\u043e \u043e\u0437\u043d\u0430\u043a. \u0417\u0430 \u0434\u043e\u043f\u043e\u043c\u043e\u0433\u043e\u044e \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0443 \u043c\u0430\u0448\u0438\u043d\u043d\u043e\u0433\u043e \u043d\u0430\u0432\u0447\u0430\u043d\u043d\u044f SVDD \u0432\u0438\u043a\u043e\u043d\u0443\u0454\u0442\u044c\u0441\u044f \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u043d\u044f \u0430\u043d\u043e\u043c\u0430\u043b\u0456\u0439 \u0443 \u0437\u0430\u0434\u0430\u043d\u0438\u0445 \u043e\u0437\u043d\u0430\u043a\u0430\u0445 \u0442\u0430 \u0441\u043f\u0456\u0432\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044f \u0457\u0445 \u0437 \u0432\u0456\u0434\u043f\u043e\u0432\u0456\u0434\u043d\u0438\u043c\u0438 \u0443\u043c\u043e\u0432\u0430\u043c\u0438, \u044f\u043a\u0456 \u0441\u0432\u0456\u0434\u0447\u0430\u0442\u044c \u043f\u0440\u043e \u043d\u0430\u044f\u0432\u043d\u0456\u0441\u0442\u044c \u0456\u043d\u0444\u0456\u043a\u043e\u0432\u0430\u043d\u043e\u0433\u043e \u0431\u043e\u0442\u043d\u0435\u0442\u0443 \u0443 \u0434\u0430\u043d\u043e\u043c\u0443 DNS \u0442\u0440\u0430\u0444\u0456\u043a\u0443. 
\u0426\u0435\u0439 \u043c\u0435\u0442\u043e\u0434 \u0434\u0430\u0454 \u0437\u043c\u043e\u0433\u0443 \u0432\u0438\u044f\u0432\u043b\u044f\u0442\u0438 \u0448\u043a\u0456\u0434\u043b\u0438\u0432\u0456 \u0431\u043e\u0442-\u043c\u0435\u0440\u0435\u0436\u0456 \u0456\u0437 \u0432\u0438\u0441\u043e\u043a\u043e\u044e \u0435\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u0456\u0441\u0442\u044e \u0442\u0430 \u0448\u0432\u0438\u0434\u043a\u0456\u0441\u0442\u044e. \u0426\u0435\u0439 \u043c\u0435\u0442\u043e\u0434 \u043c\u043e\u0436\u0435 \u0441\u0442\u0430\u0442\u0438 \u043e\u0441\u043d\u043e\u0432\u043e\u044e \u0434\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043d\u043e\u0433\u043e \u0437\u0430\u0431\u0435\u0437\u043f\u0435\u0447\u0435\u043d\u043d\u044f \u0432\u0438\u044f\u0432\u043b\u0435\u043d\u043d\u044f \u0431\u043e\u0442-\u043c\u0435\u0440\u0435\u0436, \u044f\u043a\u0456 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u044e\u0442\u044c \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0456\u044e \u201c\u0434\u0438\u043d\u0430\u043c\u0456\u0447\u043d\u0430 \u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0456\u044f \u0406\u0420-\u0430\u0434\u0440\u0435\u0441\u201d.<br \/>\n<strong>\u041a\u043b\u044e\u0447\u043e\u0432\u0456 \u0441\u043b\u043e\u0432\u0430:<\/strong> \u0431\u043e\u0442-\u043c\u0435\u0440\u0435\u0436\u0430, DNS, SVDD, \u043c\u0430\u0448\u0438\u043d\u043d\u0435 \u043d\u0430\u0432\u0447\u0430\u043d\u043d\u044f.<\/p>\n<p style=\"text-align: center;\"><strong>\u0420\u043e\u0437\u0448\u0438\u0440\u0435\u043d\u0430 \u0430\u043d\u043e\u0442\u0430\u0446\u0456\u044f \u0430\u043d\u0433\u043b\u0456\u0439\u0441\u044c\u043a\u043e\u044e \u043c\u043e\u0432\u043e\u044e<\/strong><\/p>\n<p>Fast flux is a method that a criminal can use to prevent the identification of the IP address of his or her own computer. 
The main idea of this paper is to create a method for fast-flux botnet detection based on the SVDD (support vector data description) machine learning and anomaly detection algorithm that achieves better performance and efficiency. Using this method makes it possible to easily detect malware in botnets and notify the user about it. It makes it possible to save and protect the user\u2019s private data.\u00a0\u00a0We focus on detecting fast-flux botnets based on scanning the Domain Name System (DNS). The method has a unique structure and can be extended with new parameters in the future. The method collects all received data, extracts only useful parameters from each DNS message and transforms this data into a form that is valid and understandable for the algorithm. This article presents a method which uses an anomaly detection approach. The SVDD algorithm is a powerful tool that allows us to identify malware botnets in the system at an early stage, before they infect the system. Using the SVDD algorithm can improve the detection of botnets based on the fast-flux approach. To provide the most efficient machine learning algorithm, it should be trained on special data. In this case, the system provides the highest level of accuracy and a low level of faults.\u00a0 This algorithm can detect anomalies that were unknown at the training step, which can increase the number of botnets detected in the future. The proposed method and algorithm were tested on a locally implemented system and showed a good fast-flux botnet detection result. The accuracy level was 97.8%.<br \/>\n<strong>Keywords:<\/strong> fast-flux, malware, SVDD, DNS, machine learning, anomaly detection.<\/p>\n<p style=\"text-align: center;\"><strong>References<\/strong><\/p>\n<ol>\n<li>Botnet URL: https:\/\/en.wikipedia.org\/wiki\/Botnet. (date 21.03.20)<\/li>\n<li>Domain name system Wikipedia. 
URL: https:\/\/en.wikipedia.org\/wiki\/Domain_Name_System (date03.20)<\/li>\n<li>Botnet scams are exploding Google Scholar. URL: http:\/\/www.contentagenda.com\/articleXml\/LN760999245.html?industryid=45177 (date03.20)<\/li>\n<li>Detect Fast-Flux Domains Through Response Time Differences IEEE Xplore. URL: https:\/\/ieeexplore.ieee.org\/abstract\/document\/6905768 (date03.20)<\/li>\n<li>Chahal P. S., and Khurana S. S. TempR: Application of Stricture Dependent Intelligent Classifier for Fast Flux Domain Detection, International Journal of Computer Network &amp; Information Security, vol. 8, 10.11.2016<\/li>\n<li>Celik Z. B., and Oktug S. Detection of fast-flux networks using various dns feature sets. p. 868\u2013<\/li>\n<li>Nafarieh Z., Mahdipur E., Haj Seyed Javadi H. (2019). Detecting Active Bot Networks Based on DNS Traffic Analysis.\u00a0Journal of Advances in Computer Engineering and Technology, 5(3), 129\u2013<\/li>\n<li>Learning to link human objects in video and advertisements with clothes retrieval. IEEE Xplore. URL: https:\/\/ieeexplore.ieee.org\/abstract\/document\/7727859\/ (date03.20)<\/li>\n<li>Alieyan K., ALmomani A., Manasrah A., and Kadhum M. M. A survey of botnet detection based on DNS\u2019, Neural Comput. Appl., vol. 28, no. 7, p. 1541\u20131558, 2017.<\/li>\n<li>Vapnik V.N. Statistical learning theory. Wiley, 1998, 740 p.<\/li>\n<li>Manolakis D., Marden D., Shaw G., Hyperspectral image processing for automatic target detection applications,\u00a0<em>Lincoln Lab. J.<\/em>, vol. 14, no. 1, pp. 79\u2013114, 2003.<\/li>\n<li>Tax D.M., Duin R.P. Support Vector Data Description. Machine Learning 54, 45\u201366 (2004). https:\/\/doi.org\/10.1023\/B:MACH.0000008084.60811.49<\/li>\n<li>Ruirui J., Ding L., Min W., Liu J. The application of SVDD in gene expression data clustering,\u00a0<em> Int. Conf. Bioinformat. Biomed. Eng.<\/em>, pp. 371\u2013374, 2008.<\/li>\n<li>Malware Domain Blocklist\u00a0 DNS-BH \u2013 Malware Domain Blocklist by RiskAnalytics. 
URL: https:\/\/www.malwaredomains.com\/ (date03.20)<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u041c\u0415\u0422\u041e\u0414 \u0422\u0410 \u0417\u0410\u0421\u041e\u0411\u0418 \u0406\u0414\u0415\u041d\u0422\u0418\u0424\u0406\u041a\u0410\u0426\u0406\u0407 \u0411\u041e\u0422-\u041c\u0415\u0420\u0415\u0416, \u0429\u041e \u0412\u0418\u041a\u041e\u0420\u0418\u0421\u0422\u041e\u0412\u0423\u042e\u0422\u042c \u0422\u0415\u0425\u041d\u041e\u041b\u041e\u0413\u0406\u042e \u00ab\u0414\u0418\u041d\u0410\u041c\u0406\u0427\u041d\u0410 \u041f\u0415\u0420\u0415\u0410\u0414\u0420\u0415\u0421\u0410\u0426\u0406\u042f \u0406\u0420-\u0410\u0414\u0420\u0415\u0421\u00bb METHOD AND SOFTWARE OF FAST-FLUX BOTNET DETECTION \u0421\u0442\u043e\u0440\u0456\u043d\u043a\u0438: 94-100. \u041d\u043e\u043c\u0435\u0440: \u21162, 2020 (283) \u0410\u0432\u0442\u043e\u0440\u0438: \u0421.\u041c. \u041b\u0418\u0421\u0415\u041d\u041a\u041e, \u0404.\u0421. \u0411\u0423\u0420\u0414\u0410\u0428 \u0425\u043c\u0435\u043b\u044c\u043d\u0438\u0446\u044c\u043a\u0438\u0439 \u043d\u0430\u0446\u0456\u043e\u043d\u0430\u043b\u044c\u043d\u0438\u0439 \u0443\u043d\u0456\u0432\u0435\u0440\u0441\u0438\u0442\u0435\u0442 LYSENKO, Y. BURDASH Khmelnytskyi National University DOI: https:\/\/www.doi.org\/10.31891\/2307-5732-2020-283-2-94-100 \u0420\u0435\u0446\u0435\u043d\u0437\u0456\u044f\/Peer review : 25.4.2020 \u0440. \u041d\u0430\u0434\u0440\u0443\u043a\u043e\u0432\u0430\u043d\u0430\/Printed : 16.6.2020 \u0440. 
\u0410\u043d\u043e\u0442\u0430\u0446\u0456\u044f \u043c\u043e\u0432\u043e\u044e \u043e\u0440\u0438\u0433\u0456\u043d\u0430\u043b\u0443 \u0412 \u0440\u043e\u0431\u043e\u0442\u0456 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043e [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/posts\/1253"}],"collection":[{"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1253"}],"version-history":[{"count":3,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/posts\/1253\/revisions"}],"predecessor-version":[{"id":3977,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=\/wp\/v2\/posts\/1253\/revisions\/3977"}],"wp:attachment":[{"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1253"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1253"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.khnu.km.ua\/vestnik\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1253"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}