TY - GEN
T1 - A topology based flow model for computing domain reputation
AU - Mishsky, Igor
AU - Gal-Oz, Nurit
AU - Gudes, Ehud
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2015.
PY - 2015/1/1
Y1 - 2015/1/1
AB - The Domain Name System (DNS) is an essential component of the internet infrastructure that translates domain names into IP addresses. Recent incidents verify the enormous damage of malicious activities utilizing DNS such as bots that use DNS to locate their command & control servers. Detecting malicious domains using the DNS network is therefore a key challenge. We project the famous expression "Tell me who your friends are and I will tell you who you are", motivating many social trust models, on the internet domains world. A domain that is related to malicious domains is more likely to be malicious as well. In this paper, our goal is to assign reputation values to domains and IPs indicating the extent to which we consider them malicious. We start with a list of domains known to be malicious or benign and assign them reputation scores accordingly. We then construct a DNS-based graph in which nodes represent domains and IPs. Our new approach for computing domain reputation applies a flow algorithm on the DNS graph to obtain the reputation of domains and identify potentially malicious ones. The experimental evaluation of the flow algorithm demonstrates its success in predicting malicious domains.
UR - http://www.scopus.com/inward/record.url?scp=84949934270&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-20810-7_20
DO - 10.1007/978-3-319-20810-7_20
M3 - Conference contribution
AN - SCOPUS:84949934270
SN - 9783319208091
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 277
EP - 292
BT - Data and Applications Security and Privacy XXIX - 29th Annual IFIP WG 11.3 Working Conference, DBSec 2015, Proceedings
A2 - Samarati, Pierangela
PB - Springer Verlag
T2 - 29th IFIP WG 11.3 Working Conference on Data and Applications Security, DBSec 2015
Y2 - 13 July 2015 through 15 July 2015
ER -