Bobrovnikova K. The Information technology for botnets detection in corporate area networks based on DNS-traffic analysis


Thesis for the degree of Candidate of Sciences (CSc)

State registration number

0417U001387

Applicant for

Specialization

  • 05.13.06 - Information technologies

22-02-2017

Specialized Academic Board

К58.052.06

Abstract

The dissertation addresses an important scientific problem: creating an information technology that increases the reliability and efficiency of DNS-based botnet detection in corporate area networks. Three models were developed: a model of botnets that takes DNS into account, a model of DNS traffic, and a model of the botnet detection process in corporate area networks based on analysis of DNS traffic. On the basis of these models, an information technology for botnet detection based on the analysis of DNS traffic was developed. It rests on two newly developed methods: a method for identifying botnets by their group activity in DNS traffic, and a method for detecting botnets that use DNS-based evasion techniques. Software implementing the information technology for botnet detection in corporate area networks based on analysis of DNS traffic was developed. Using the developed software makes it possible to detect known and unknown bots of botnets with high reliability.
