Abstract
Cyber attackers abuse the domain name system (DNS) to mystify their attack ecosystems, they systematically generate a huge volume of distinct domain names to make it infeasible for blacklisting approaches to keep up with newly generated malicious domain names. As a solution to this problem, we propose a system for discovering malicious domain names that will likely be abused in future. The key idea with our system is to exploit temporal variation patterns (TVPs) of domain names. The TVPs of domain names include information about how and when a domain name has been listed in legitimate/popular and/or malicious domain name lists. On the basis of this idea, our system actively collects DNS logs, analyzes their TVPs, and predicts whether a given domain name will be used for malicious purposes. Our evaluation revealed that our system can predict malicious domain names 220 days beforehand with a true positive rate of 0.985.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 491-502 |
| Number of pages | 12 |
| ISBN (Electronic) | 9781467388917 |
| DOIs | |
| Publication status | Published - 2016 Sep 29 |
| Event | 46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 - Toulouse, France Duration: 2016 Jun 28 → 2016 Jul 1 |
Other
| Other | 46th IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016 |
|---|---|
| Country | France |
| City | Toulouse |
| Period | 16/6/28 → 16/7/1 |
Keywords
- DNS
- Malicious domain name
- Temporal variation pattern
ASJC Scopus subject areas
- Hardware and Architecture
- Software
- Safety, Risk, Reliability and Quality
- Computer Networks and Communications