Detecting Malicious Domains by Massive DNS Traffic Data Analysis

Cited by: 5
Authors
Tian, Shiqi [1 ]
Fang, Cheng [1 ]
Liu, Jun [1 ,2 ]
Lei, Zhenming [1 ,2 ]
Affiliations
[1] Beijing Univ Posts & Telecommun, Beijing Key Lab Network Syst Architecture & Conve, Beijing, Peoples R China
[2] HAOHAN Data Technol Co LTD, Beijing, Peoples R China
Keywords
malicious domains; classification efficiency; massive dataset; Spark framework;
DOI
10.1109/IHMSC.2016.53
CLC number
TP18 [Artificial intelligence theory];
Discipline code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
DNS (Domain Name System) is one of the most prevalent protocols on modern networks and is essential for the correct operation of many network activities, including malicious ones. Monitoring DNS traffic is therefore an effective way to detect malicious activity. In this paper, we propose an approach to detecting malicious domains by analyzing massive mobile web traffic data. We use multiple features for classification, including textual features and traffic-statistics features of domains, and present three typical classifiers to compare their classification performance. The Spark framework is leveraged to speed up the computation over large-scale DNS traffic. The efficiency of our system makes us believe the approach can help a lot in the field of network security.
Pages: 130 / 133
Page count: 4