Comparison of DNS Based Methods for Detecting Malicious Domains

Eyal Paz, Ehud Gudes

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

The Domain Name System (DNS) is an essential component of the internet infrastructure, used to translate domain names into IP addresses. Threat actors often abuse this system by registering and taking over thousands of Internet domains every day. These serve to launch various types of cyber-attacks, such as spam, phishing, botnets, and drive-by downloads. Currently, the main countermeasure addressing such threats is reactive blacklisting. Since cyber-attacks are mainly performed for short periods, reactive methods are usually too late and hence ineffective. As a result, new approaches to early identification of malicious websites are needed. In the past decade, many novel papers were published offering systems to calculate domain reputation for domains that are not listed in common blacklists. This research implements three such approaches and evaluates their effectiveness in detecting malicious phishing domains. The social network analysis technique performed best, as it achieved a 60.71% detection rate with a false positive rate of only 0.35%.

Original language: English
Title of host publication: Cyber Security Cryptography and Machine Learning - 4th International Symposium, CSCML 2020, Proceedings
Editors: Shlomi Dolev, Gera Weiss, Vladimir Kolesnikov, Sachin Lodha
Publisher: Springer
Pages: 219-236
Number of pages: 18
ISBN (Print): 9783030497842
State: Published - 1 Jan 2020
Event: 4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020 - Beersheba, Israel
Duration: 2 Jul 2020 to 3 Jul 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12161 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 4th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2020
Country/Territory: Israel
City: Beersheba
Period: 2/07/20 to 3/07/20

Keywords

  • Attack
  • Cyber security
  • DNS
  • Phishing
  • Privacy-preserving security
  • Reputation system
  • Social network analysis

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
