TY - GEN
T1 - Comparison of DNS Based Methods for Detecting Malicious Domains
AU - Paz, Eyal
AU - Gudes, Ehud
N1 - Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
PY - 2020/1/1
Y1 - 2020/1/1
N2 - The Domain Name System (DNS) is an essential component of the internet infrastructure, used to translate domain names into IP addresses. Threat actors often abuse this system by registering and taking over thousands of Internet domains every day. These serve to launch various types of cyber-attacks, such as spam, phishing, botnets, and drive-by downloads. Currently, the main countermeasure addressing such threats is reactive blacklisting. Since cyber-attacks are mainly performed for short periods, reactive methods are usually too late and hence ineffective. As a result, new approaches to early identification of malicious websites are needed. In the recent decade, many novel papers were published offering systems to calculate domain reputation for domains that are not listed in common blacklists. This research implements three such approaches and evaluates their effectiveness in detecting malicious phishing domains. The social network analysis technique performed best, as it achieved a 60.71% detection rate with a false positive rate of only 0.35%.
AB - The Domain Name System (DNS) is an essential component of the internet infrastructure, used to translate domain names into IP addresses. Threat actors often abuse this system by registering and taking over thousands of Internet domains every day. These serve to launch various types of cyber-attacks, such as spam, phishing, botnets, and drive-by downloads. Currently, the main countermeasure addressing such threats is reactive blacklisting. Since cyber-attacks are mainly performed for short periods, reactive methods are usually too late and hence ineffective. As a result, new approaches to early identification of malicious websites are needed. In the recent decade, many novel papers were published offering systems to calculate domain reputation for domains that are not listed in common blacklists. This research implements three such approaches and evaluates their effectiveness in detecting malicious phishing domains. The social network analysis technique performed best, as it achieved a 60.71% detection rate with a false positive rate of only 0.35%.
KW - Attack
KW - Cyber security
KW - DNS
KW - Phishing
KW - Privacy-preserving security
KW - Reputation system
KW - Social network analysis
UR - http://www.scopus.com/inward/record.url?scp=85087744448&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-49785-9_14
DO - 10.1007/978-3-030-49785-9_14
M3 - Conference contribution
AN - SCOPUS:85087744448
SN - 9783030497842
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 219
EP - 236
BT - Cyber Security Cryptography and Machine Learning - 4th International Symposium, CSCML 2020, Proceedings
A2 - Dolev, Shlomi
A2 - Weiss, Gera
A2 - Kolesnikov, Vladimir
A2 - Lodha, Sachin
PB - Springer
T2 - 4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020
Y2 - 2 July 2020 through 3 July 2020
ER -