Advanced flow models for computing the reputation of internet domains

Hussien Othman, Ehud Gudes, Nurit Gal-Oz

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

2 Scopus citations

Abstract

The Domain Name System (DNS) is an essential component of the Internet infrastructure that translates domain names into IP addresses. Recent incidents verify the enormous damage of malicious activities utilizing DNS such as bots that use DNS to locate their command & control servers. We believe that a domain that is related to malicious domains is more likely to bemalicious as well and therefore detecting malicious domains using the DNS network topology is a key challenge. In this work we improve the flow model presented by Mishsky et al. [12] for computing the reputation of domains. This flow model is applied on a graph of domains and IPs and propagates their reputation scores through the edges that connect them to express the impact of malicious domains on related domains. We propose the use of clustering to guide the flow of reputation in the graph and examine two different clustering methods to identify groups of domains and IPs that are strongly related. The flow algorithms use these groups to emphasize the influence of nodes within the same cluster on each other. We evaluate the algorithms using a large database received from a commercial company. The experimental evaluation of our work have shown the expected improvement over previous work [12] in detecting malicious domains.

Original languageEnglish
Title of host publicationTrust Management XI - 11th IFIP WG 11.11 International Conference, IFIPTM 2017, Proceedings
EditorsJan-Philipp Steghofer, Babak Esfandiari
PublisherSpringer New York LLC
Pages119-134
Number of pages16
ISBN (Print)9783319591704
DOIs
StatePublished - 1 Jan 2017
Event11th IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2017 - Gothenburg, Sweden
Duration: 12 Jun 201716 Jun 2017

Publication series

NameIFIP Advances in Information and Communication Technology
Volume505
ISSN (Print)1868-4238

Conference

Conference11th IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2017
Country/TerritorySweden
CityGothenburg
Period12/06/1716/06/17

ASJC Scopus subject areas

  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Advanced flow models for computing the reputation of internet domains'. Together they form a unique fingerprint.

Cite this