Domain profiler: Discovering domain names abused in future

Daiki Chiba, Takeshi Yagi, Mitsuaki Akiyama, Toshiki Shibahara, Takeshi Yada, Tatsuya Mori, Shigeki Goto

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

    11 Citations (Scopus)

    Abstract

    Cyber attackers abuse the domain name system (DNS) to mystify their attack ecosystems; they systematically generate a huge volume of distinct domain names to make it infeasible for blacklisting approaches to keep up with newly generated malicious domain names. As a solution to this problem, we propose a system for discovering malicious domain names that will likely be abused in future. The key idea with our system is to exploit temporal variation patterns (TVPs) of domain names. The TVPs of domain names include information about how and when a domain name has been listed in legitimate/popular and/or malicious domain name lists. On the basis of this idea, our system actively collects DNS logs, analyzes their TVPs, and predicts whether a given domain name will be used for malicious purposes. Our evaluation revealed that our system can predict malicious domain names 220 days beforehand with a true positive rate of 0.985.

    Original language: English
    Title of host publication: Proceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016
    Publisher: Institute of Electrical and Electronics Engineers Inc.
    Pages: 491-502
    Number of pages: 12
    ISBN (Electronic): 9781467388917
    DOIs: https://doi.org/10.1109/DSN.2016.51
    Publication status: Published - 2016 Sep 29
    Event: 46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 - Toulouse, France
    Duration: 2016 Jun 28 to 2016 Jul 1

    Other

    Other: 46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016
    Country: France
    City: Toulouse
    Period: 16/6/28 to 16/7/1

    Keywords

    • DNS
    • Malicious domain name
    • Temporal variation pattern

    ASJC Scopus subject areas

    • Hardware and Architecture
    • Software
    • Safety, Risk, Reliability and Quality
    • Computer Networks and Communications

    Cite this

    Chiba, D., Yagi, T., Akiyama, M., Shibahara, T., Yada, T., Mori, T., & Goto, S. (2016). Domain profiler: Discovering domain names abused in future. In Proceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 (pp. 491-502). [7579766] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/DSN.2016.51