Botnets represent a substantial cyber threat, frequently employed in illicit activities such as Distributed Denial of Service (DDoS) attacks and data theft. These botnets adeptly evade detection through the continual advancement of techniques designed to obscure their command and control (C&C) servers. This study introduces a methodology for the detection of botnet-infected devices via the analysis of Domain Name System (DNS) traffic.
The proposed approach distinguishes domain names generated by botnet algorithms from those created by humans, using natural language processing features combined with a whitelist. The research also includes a comprehensive evaluation of the performance and effectiveness of a Random Forest model, identifying the performance parameters that matter most for anomaly detection in DNS traffic. The analysis is run on multicore CPU processing to enhance detection capabilities.
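As an added example (not the study's own code), the sketch below shows the lexical-feature and whitelist stage of this approach over a few constructed DNS query lines; the whitelist entries, log format and threshold rule are assumptions, with the threshold rule standing in for the Random Forest classifier the study trains on features of this kind.

```python
import math
from collections import Counter

VOWELS = set("aeiou")
# Constructed whitelist of known-benign registered domains (placeholder for a real top-sites list).
WHITELIST = {"google.com", "wikipedia.org", "microsoft.com"}

def registered_domain(fqdn):
    """Last two labels of a queried name (simplification: multi-part suffixes like co.uk not handled)."""
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def shannon_entropy(text):
    """Character entropy in bits; random DGA labels score higher than dictionary words."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def extract_features(fqdn):
    """Lexical features of the second-level label, the part a DGA usually randomises."""
    sld = registered_domain(fqdn).split(".")[0]
    longest_run = run = 0
    for ch in sld:
        run = 0 if ch in VOWELS else run + 1  # consonant/digit run, reset on a vowel
        longest_run = max(longest_run, run)
    return {
        "entropy": shannon_entropy(sld),
        "vowel_ratio": sum(ch in VOWELS for ch in sld) / max(len(sld), 1),
        "longest_consonant_run": longest_run,
    }

def is_suspicious(fqdn):
    """Whitelist first; then a hand-set threshold rule standing in for the study's Random Forest."""
    if registered_domain(fqdn) in WHITELIST:
        return False
    f = extract_features(fqdn)
    return f["entropy"] > 3.5 or f["vowel_ratio"] < 0.2 or f["longest_consonant_run"] >= 5

def flag_queries(log_lines):
    """Distinct queried names in '<timestamp> <client_ip> <name>' lines that look generated."""
    return {line.split()[-1] for line in log_lines if is_suspicious(line.split()[-1])}

# Constructed sample DNS query log (not from the study).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 www.google.com",
    "2024-01-01T10:00:01Z 10.0.0.5 xjkq8vz1bpwlm.net",
    "2024-01-01T10:00:02Z 10.0.0.7 mail.wikipedia.org",
    "2024-01-01T10:00:03Z 10.0.0.7 facebook.com",
]
```

Whitelisted names are skipped before any feature is computed, so the classifier only sees traffic that cannot be cleared by the list alone.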