Detecting Malicious Domains by Massive DNS Traffic Data Analysis

Cited by: 5
Authors
Tian, Shiqi [1]
Fang, Cheng [1]
Liu, Jun [1,2]
Lei, Zhenming [1,2]
Affiliations
[1] Beijing Univ Posts & Telecommun, Beijing Key Lab Network Syst Architecture & Conve, Beijing, Peoples R China
[2] HAOHAN Data Technol Co LTD, Beijing, Peoples R China
Keywords
malicious domains; classification efficiency; massive dataset; Spark framework;
DOI
10.1109/IHMSC.2016.53
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
DNS (Domain Name System) is one of the most prevalent protocols on modern networks and is essential for the correct operation of many network activities, including malicious operations. Monitoring DNS traffic is an effective method to detect malicious activities. In this paper, we propose an approach to detect malicious domains by analyzing massive mobile web traffic data. We use multiple features for classification, including the textual features and the traffic statistics features of domains, and present three typical classifiers to compare the classification performance of each. The Spark framework is leveraged to speed up computation over large-scale DNS traffic. The efficiency of our system makes us believe the approach can help a lot in the field of network security.
Pages: 130 - 133
Number of pages: 4
Related papers
50 in total
  • [1] DNS Traffic Analysis for Malicious Domains Detection
    Ghafir, Ibrahim
    Prenosil, Vaclav
    [J]. 2ND INTERNATIONAL CONFERENCE ON SIGNAL PROCESSING AND INTEGRATED NETWORKS (SPIN) 2015, 2015, : 613 - 618
  • [2] Classifying Malicious Domains using DNS Traffic Analysis
    Mahdavifar, Samaneh
    Maleki, Nasim
    Lashkari, Arash Habibi
    Broda, Matt
    Razavi, Amir H.
    [J]. 2021 IEEE INTL CONF ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, INTL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING, INTL CONF ON CLOUD AND BIG DATA COMPUTING, INTL CONF ON CYBER SCIENCE AND TECHNOLOGY CONGRESS DASC/PICOM/CBDCOM/CYBERSCITECH 2021, 2021, : 60 - 67
  • [3] Detecting APT Malware Infections Based on Malicious DNS and Traffic Analysis
    Zhao, Guodong
    Xu, Ke
    Xu, Lei
    Wu, Bo
    [J]. IEEE ACCESS, 2015, 3 : 1132 - 1142
  • [4] Comparison of DNS Based Methods for Detecting Malicious Domains
    Paz, Eyal
    Gudes, Ehud
    [J]. CYBER SECURITY CRYPTOGRAPHY AND MACHINE LEARNING (CSCML 2020), 2020, 12161 : 219 - 236
  • [5] A Survey on Malicious Domains Detection through DNS Data Analysis
    Zhauniarovich, Yury
    Khalil, Issa
    Yu, Ting
    Dacier, Marc
    [J]. ACM COMPUTING SURVEYS, 2018, 51 (04)
  • [6] An Imbalanced Malicious Domains Detection Method Based on Passive DNS Traffic Analysis
    Liu, Zhenyan
    Zeng, Yifei
    Zhang, Pengfei
    Xue, Jingfeng
    Zhang, Ji
    Liu, Jiangtao
    [J]. SECURITY AND COMMUNICATION NETWORKS, 2018,
  • [7] Discovering Malicious Domains through Passive DNS Data Graph Analysis
    Khalil, Issa
    Yu, Ting
    Guan, Bei
    [J]. ASIA CCS'16: PROCEEDINGS OF THE 11TH ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2016, : 663 - 674
  • [8] Malicious DNS Tunneling Detection in Real-Traffic DNS Data
    Lambion, Danielle
    Josten, Michael
    Olumofin, Femi
    De Cock, Martine
    [J]. 2020 IEEE INTERNATIONAL CONFERENCE ON BIG DATA (BIG DATA), 2020, : 5736 - 5738
  • [9] Malicious DNS Traffic in Tor: Analysis and Countermeasures
    Sonntag, Michael
    [J]. PROCEEDINGS OF THE 5TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY (ICISSP), 2019, : 536 - 543
  • [10] Kindred Domains: Detecting and Clustering Botnet Domains Using DNS Traffic
    Thomas, Matthew
    Mohaisen, Aziz
    [J]. WWW'14 COMPANION: PROCEEDINGS OF THE 23RD INTERNATIONAL CONFERENCE ON WORLD WIDE WEB, 2014, : 707 - 712