Leyla Bilge, Sevil Sen, Davide Balzarotti, Engin Kirda, Christopher Kruegel
2014 ACM Transactions on Privacy and Security  
As a consequence, the monitoring and analysis of DNS queries has recently been proposed as one of the most promising technique to detect and blacklist domains involved in malicious activities (e.g., phishing  ...  A wide range of malicious activities rely on the domain name service (DNS) to manage their large, distributed networks of infected machines.  ...  [Antonakakis et al. 2010; Antonakakis et al. 2011; Antonakakis et al. 2012 ] that aim to detect malicious domains using passive DNS analysis besides as EXPOSURE does.  ... 
doi:10.1145/2584679 fatcat:kwnc4hjfbbeenpye4j7oqrrlia

A Retrospective Analysis of User Exposure to (Illicit) Cryptocurrency Mining on the Web [article]

Ralph Holz, Diego Perino, Matteo Varvello, Johanna Amann, Andrea Continella, Nate Evans, Ilias Leontiadis, Christopher Natoli, Quirin Scheitle
2020 arXiv   pre-print
We also monitor open HTTP proxies and the Tor network for malicious injection of code. We find that the risk for most Web users was always very low, much lower than what deployment scans suggested.  ...  In this paper, we present a retroactive analysis to close this research gap.  ...  This work was supported by the US National Science Foundation under award CNS-1528156.  ... 
arXiv:2004.13239v2 fatcat:rpd3r67ntvcvfn6cqqlluo3y4m

Predicting Impending Exposure to Malicious Content from User Behavior

Mahmood Sharif, Jumpei Urakawa, Nicolas Christin, Ayumu Kubota, Akira Yamada
2018 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security - CCS '18  
We find that self-reported data can help forecast exposure risk over long periods of time.  ...  By observing user behavior, it can predict whether they will be exposed to malicious content on the web seconds before the moment of exposure, thus opening a window of opportunity for proactive defenses  ...  Malicious domains are less likely to be (directly) linked to from top-domains. So, we use the fraction of HTTP requests to non-top domains (i.e., outside the Alexa top-100,000) as another feature.  ... 
doi:10.1145/3243734.3243779 dblp:conf/ccs/SharifUCKY18 fatcat:nx5ugxj62raojayowd2pk4eiya

Malicious Domain Detection Based on Machine Learning

2018 DEStech Transactions on Computer Science and Engineering  
In this paper, we first introduce the background knowledge of malicious domain detection and classify the malicious domain according to its malicious behavior.  ...  At present, malicious domain detection, especially malicious domain detection based on machine learning, is one of the research hotspot in network security field.  ...  [33] introduced the EXPOSURE system, which used large-scale passive DNS analysis to detect whether domains involved malicious activity.  ... 
doi:10.12783/dtcse/iceit2017/19866 fatcat:75wt7lq5zbct3elgcs7lbclo4e

An Imbalanced Malicious Domains Detection Method Based on Passive DNS Traffic Analysis

Zhenyan Liu, Yifei Zeng, Pengfei Zhang, Jingfeng Xue, Ji Zhang, Jiangtao Liu
2018 Security and Communication Networks  
This paper proposes a novel imbalanced malicious domains detection method based on passive DNS traffic analysis, which can effectively deal with not only the between-class imbalance problem but also the  ...  But the actual DNS traffic is inherently imbalanced; thus how to build malicious domains detection model oriented to imbalanced data is a very important issue worthy of study.  ...  Malicious Domain Detection Based on Passive DNS Traffic Analysis.  ... 
doi:10.1155/2018/6510381 fatcat:zwoaaa2pqzdurkfsrwojvsmezq

Discovering Malicious Domains through Passive DNS Data Graph Analysis

Issa Khalil, Ting Yu, Bei Guan
2016 Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security - ASIA CCS '16  
Malicious domains are key components to a variety of cyber attacks. Several recent techniques are proposed to identify malicious domains through analysis of DNS data.  ...  Carefully established associations enable the discovery of a large set of new malicious domains using a very small set of previously known malicious ones.  ...  We are not the first to utilize domain-resolution data to identify malicious domains. For example, both Notos [1] and Exposure [3] use features derived from passive DNS data.  ... 
doi:10.1145/2897845.2897877 dblp:conf/ccs/KhalilYG16 fatcat:zfkatykcdbdmhbjle53lmqufrm

Malicious Domain Detection Using Machine Learning On Domain Name Features, Host-Based Features and Web-Based Features

Gopinath Palaniappan, Sangeetha S, Balaji Rajendran, Sanjay, Shubham Goyal, Bindhumadhava B S
2020 Procedia Computer Science  
Our experiment is based on active DNS analysis and we look forward to take this work for passive DNS analysis.  ...  We plan our future work with larger datasets as follows: (a) we have already hosted a Recursive DNS (RDNS) and we plan to perform passive DNS analysis and feed its result to perform active DNS analysis  ... 
doi:10.1016/j.procs.2020.04.071 fatcat:ttikd4avkjfrzhyfmnkzo4kzwy

Detection of malicious payload distribution channels in DNS

A. Mert Kara, Hamad Binsalleeh, Mohammad Mannan, Amr Youssef, Mourad Debbabi
2014 2014 IEEE International Conference on Communications (ICC)  
Our work is based on an extensive analysis of malware datasets for one year, and a near real-time feed of passive DNS traffic.  ...  In this paper, we study the use of DNS as a malicious payload distribution channel.  ...  We begin by demonstrating the results of the DNS zone analysis module using the passive DNS dataset.  ... 
doi:10.1109/icc.2014.6883426 dblp:conf/icc/KaraBMYD14 fatcat:4m4nu6k4snfqxbgjk2fefijsau

DNS Traffic Analysis for Botnet Detection

Monika Wielogorska, Darragh O'Brien
2017 Irish Conference on Artificial Intelligence and Cognitive Science  
To perform this task a bot can use either a hardcoded IP address or perform a DNS lookup for a predefined or algorithmically-generated domain name.  ...  In this paper we present a prototype botnet detection system that leverages passive DNS traffic analysis to detect a botnet's presence in a local area network.  ...  Anomaly-based traffic analysis at the ISP level: EXPOSURE [2] is a detection system operating at the Internet Service Provider (ISP) level and capable of large-scale passive DNS traffic analysis with  ... 
dblp:conf/aics/WielogorskaO17 fatcat:kl5eh3dpknd4noryltkarb7afy

Domain Name System Security and Privacy: A Contemporary Survey [article]

Aminollah Khormali, Jeman Park, Hisham Alasmary, Afsah Anwar, David Mohaisen
2020 arXiv   pre-print
This paper not only focuses on the DNS threat landscape and existing challenges, but also discusses the utilized data analysis methods, which are frequently used to address DNS threat vulnerabilities.  ...  The domain name system (DNS) is one of the most important components of today's Internet, and is the standard naming convention between human-readable domain names and machine-routable IP addresses of  ...  [39] have presented a malicious domain detection system, called EXPOSURE, which analyzes a large set of passive DNS records.  ... 
arXiv:2006.15277v1 fatcat:loknouehirdhvdgztkevi27vse

Explaining Machine Learning DGA Detectors from DNS Traffic Data [article]

Giorgio Piras, Maura Pintor, Luca Demetrio, Battista Biggio
2022 arXiv   pre-print
This attack is made by leveraging the Domain Name System (DNS) technology through Domain Generation Algorithms (DGAs), a stealthy connection strategy that yet leaves suspicious data patterns.  ...  To detect such threats, advances in their analysis have been made.  ...  Related Work DNS Analysis. Several promising works have striven to tackle botnet/DGA detection during the last decade, often showing innovative DNS passive features and methodologies.  ... 
arXiv:2208.05285v1 fatcat:ve5ekf3wojdcxi7t2t3tfmru5i

Less is More: Robust and Novel Features for Malicious Domain Detection [article]

Chen Hajaj, Nitay Hason, Nissim Harel, Amit Dvir
2020 arXiv   pre-print
Malicious domains are increasingly common and pose a severe cybersecurity threat.  ...  This paper makes two main contributions: First, it provides an analysis of robust feature selection based on widely used features in the literature.  ...  This overview contributed in four ways to the literature. (1) They surveyed implemented systems that used passive DNS analysis to detect DNS abuse/misuse; (2) they performed an in-depth analysis of the  ... 
arXiv:2006.01449v1 fatcat:lctx65q5ozcntos2kmq7qwpbi4

A Survey on Malicious Domains Detection through DNS Data Analysis

Yury Zhauniarovich, Issa Khalil, Ting Yu, Marc Dacier
2018 ACM Computing Surveys  
We describe a general framework of malicious domain detection techniques using DNS data.  ...  In each aspect, we discuss the important challenges that the research community should address in order to fully realize the power of DNS data analysis to fight against attacks leveraging malicious domains  ...  Detection of malicious domains through the analysis of DNS data has a number of benefits compared to other approaches.  ... 
doi:10.1145/3191329 fatcat:lbtstk4zirabxiixxrqtv5oehi

Early Detection of Spam Domains with Passive DNS and SPF [chapter]

Simon Fernandez, Maciej Korczyński, Andrzej Duda
2022 Lecture Notes in Computer Science  
In this paper, using near-real-time passive DNS data from Farsight Security, we monitor the DNS traffic of newly registered domains and the contents of their TXT records, in particular, the configuration  ...  Because spammers and benign domains have different SPF rules and different traffic profiles, we build a new method to detect spam domains using features collected from passive DNS traffic.  ...  We thank Farsight Security for providing access to the passive DNS traffic as well as SpamHaus and SURBL for the spam blacklists.  ... 
doi:10.1007/978-3-030-98785-5_2 fatcat:q6kv4x56nvd6bfza7nxxfgg4ji

Detecting Malware Based on DNS Graph Mining

Futai Zou, Siyu Zhang, Weixiong Rao, Ping Yi
2015 International Journal of Distributed Sensor Networks  
Meanwhile, 117,971 domains are considered to be related to malicious activities, accounting for 1.5% among all domains.  ...  A DNS graph is composed of DNS nodes, which represent server IPs, client IPs, and queried domain names in the process of DNS resolution.  ...  Passive DNS Graph. Passive DNS graph (PDG) can be constructed using resource records of DNS response traffic or from a passive DNS database.  ... 
doi:10.1155/2015/102687 fatcat:whbj2sdb5refznvfcvu5skvj5y