DomainProfiler: toward accurate and early discovery of domain names abused in future

Daiki Chiba*, Takeshi Yagi, Mitsuaki Akiyama, Toshiki Shibahara, Tatsuya Mori, Shigeki Goto

*Corresponding author for this work

Research output: Article, peer-reviewed

1 Citation (Scopus)

Abstract

Domain names are at the base of today’s cyber-attacks. Attackers abuse the domain name system (DNS) to mystify their attack ecosystems; they systematically generate a huge volume of distinct domain names to make it infeasible for blacklisting approaches to keep up with newly generated malicious domain names. To solve this problem, we propose DomainProfiler for discovering malicious domain names that are likely to be abused in future. The key idea with our system is to exploit temporal variation patterns (TVPs) of domain names. The TVPs of domain names include information about how and when a domain name has been listed in legitimate/popular and/or malicious domain name lists. On the basis of this idea, our system actively collects historical DNS logs, analyzes their TVPs, and predicts whether a given domain name will be used for malicious purposes. Our evaluation revealed that DomainProfiler can predict malicious domain names 220 days beforehand with a true positive rate of 0.985. Moreover, we verified the effectiveness of our system in terms of the benefits from our TVPs and defense against cyber-attacks.

Original language: English
Pages (from-to): 661-680
Number of pages: 20
Journal: International Journal of Information Security
Volume: 17
Issue number: 6
DOI
Publication status: Published - Nov 1 2018

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
