Less is More: Robust and Novel Features for Malicious Domain Detection
[article]
2020
arXiv
pre-print
Since machine learning has become one of the most prominent methods of malware detection, A robust feature selection mechanism is proposed that results in malicious domain detection models that are resistant ...
, and at the same time useful for classifying non-manipulated data. ...
systems and highlighted their strengths and limitations; (3) they implemented a system prototype for near real-time threat detection using a big data analytic framework and passive DNS traffic; (4) they ...
arXiv:2006.01449v1
fatcat:lctx65q5ozcntos2kmq7qwpbi4
Identifying malicious accounts in Blockchains using Domain Names and associated temporal properties
[article]
2021
arXiv
pre-print
Here, we leverage the temporal aspects attached to the DNs. Our results identify 144930 DNs that show malicious behavior, and out of these, 54114 DNs show persistent malicious behavior over time. ...
Many machine learning algorithms are applied to detect such illegal behavior. ...
In [13], [14], the authors present an ML-based approach to detect malicious Fast-Flux DNs that use features (like short TTL and the high number of resolved IPs) available from the passive DNS traffic ...
arXiv:2106.13420v1
fatcat:5ewvbvdgh5df3gf546egg4ynxm
Machine learning for network-based malware detection
[article]
2016
Ph.d.-serien for Det Teknisk-Naturvidenskabelige Fakultet, Aalborg Universitet
The proposed detection method relies on MLA for identifying malicious agile domains-to-IPs mappings i.e. Fast-flux and Domain-flux as resilience techniques often used by malware. ...
Detection methods that target agile malicious DNS traffic i.e. Fast-flux and Domain-flux often have MLAs at their core and therefore suffer from the same problem. ...
The challenge specially addressed by the thesis is the "ground truth" problem, where we proposed a novel labeling approach for obtaining the ground truth on agile DNS traffic that provides reliable and ...
doi:10.5278/vbn.phd.engsci.00088
fatcat:cd4txihrd5dt3nsjsmwjn53pbi
ARBA: Anomaly and Reputation Based Approach for Detecting Infected IoT Devices
2020
IEEE Access
In [35], the authors proposed a semi-supervised ML model using a neural network to identify anomalies in network traffic. The goal was to detect potential attacks hidden by fast flux. ...
DomainObserver applies passive traffic measurements and time series data mining techniques to detect malicious domains. ...
doi:10.1109/access.2020.3014619
fatcat:gcxf3ditdjhr5jljl6itzkeddi
On the use of machine learning for identifying botnet network traffic
2016
Journal of Cyber Security and Mobility
and Domain-flux. ...
Furthermore, one of the important goals of future detection systems is to operate in real-time thus facilitating timely detection. ...
doi:10.13052/jcsm2245-1439.421
fatcat:heohtahwlrhqdfkkyemc4n7qca
Tracking and Characterizing Botnets Using Automatically Generated Domains
[article]
2013
arXiv
pre-print
Recent works focus on recognizing automatically generated domains (AGDs) from DNS traffic, which potentially allows to identify previously unknown AGDs to hinder or disrupt botnets' communication capabilities ...
We propose a mechanism that overcomes the above limitations by analyzing DNS traffic data through a combination of linguistic and IP-based features of suspicious domains. ...
Given the activity that we want to monitor, for instance, the DNS traffic of that botnet, we can then plot one time series for each partition. ...
arXiv:1311.5612v1
fatcat:smwpatcxybd5lnwpet6okj7di4
Phoenix: DGA-Based Botnet Tracking and Intelligence
[chapter]
2014
Lecture Notes in Computer Science
Given the prevalence of this mechanism, recent work has focused on the analysis of DNS traffic to recognize botnets based on their DGAs. ...
While previous work has concentrated on detection, we focus on supporting intelligence operations. ...
Given the activity that we want to monitor, for instance, the DNS traffic of that botnet, we can then plot one time series for each partition. ...
doi:10.1007/978-3-319-08509-8_11
fatcat:py5julv3n5b7jasgyscfa7mndy
A Survey on DDoS Attack and Defense Strategies: From Traditional Schemes to Current Techniques
2013
Interdisciplinary Information Sciences
On the other hand, variable rate attack changes its impact and flow with time, making it more difficult to detect and respond. ...
We survey different papers describing methods of defense against DDoS attacks based on entropy variations, traffic anomaly parameters, neural networks, device level defense, botnet flux identifications ...
In [70], authors develop a real time FFSN prediction model to analyze a website's DNS with distributed architecture through a mix of active and passive methods. ...
doi:10.4036/iis.2013.173
fatcat:pgvcutvfajejpmgatezon5ftdq
The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks
2019
Big Data and Cognitive Computing
(SAM/k-NN) to examine patterns from real-time streams. ...
A Security Operations Center (SOC) is a central technical level unit responsible for monitoring, analyzing, assessing, and defending an organization's security posture on an ongoing basis. ...
[25] proposed an innovative structure for detecting botnets in real time based on performance metrics to investigate whether a suspicious server is a fast-flux bot. ...
doi:10.3390/bdcc3010006
fatcat:qskf3u5xkfephh5tcis3ibo35i
Detection of DGA-Generated Domain Names with TF-IDF
2022
Electronics
We first present an extensive literature review on recent prior work in which machine learning and deep learning have been applied for detecting DGA-generated domain names. ...
For comparison, we also apply an LSTM model with embedding layer to convert domain names from a sequence of characters into a vector representation. ...
Acknowledgments: We kindly thank IT and Facility Services at Open Universiteit and SURF for providing the compute servers for performing our experiments. ...
doi:10.3390/electronics11030414
fatcat:ykcmtt6v2fdz5lhvntgbdwfdta
Advanced Methods for Botnet Intrusion Detection Systems
[chapter]
2011
Intrusion Detection Systems
(http web servers); or use of IRC in combination to DNS fast-flux techniques, as explained in section 2.4.1. ...
This is mainly done since most firewalls cannot distinguish between web-based bot traffic, and legitimate web traffic. ...
DNS monitor approaches have been used for lookup behaviors commonly used by bots using active methods such as DNS hijacking or passive methods such as DNS Black listing (Ramachandran et al, 2006). ...
doi:10.5772/15401
fatcat:sba5cb73kfcptkzkh7fqdc5pqu
An orchestration approach for unwanted Internet traffic identification
2012
Computer Networks
[135] propose a statistical model based on modeling aggregate traffic using time series and, as a consequence, offer an anomaly detection procedure based on such modeling. ...
The DNS zone transfer process is also used to spread the cache poisoning. Another recent type of DNS attack is called Fast-Flux Domains. ...
doi:10.1016/j.comnet.2012.04.018
fatcat:2aeso6gfq5dmhixzfzpjo7jrwm
Security issues in cloud environments: a survey
2013
International Journal of Information Security
The possibility of paying-as-you-go mixed with an on-demand elastic operation is changing the enterprise computing model, shifting on-premises infrastructures to off-premises data centers, accessed over ...
It addresses several key topics, namely vulnerabilities, threats and attacks, proposing a taxonomy for their classification. ...
Acknowledgements We would like to thank all the anonymous reviewers for constructively criticizing this work. ...
doi:10.1007/s10207-013-0208-7
fatcat:55o67epb6zfspchxuzvuduzr4a
Present State of CFD Softwares Application for Launch Vehicle Analysis
발사체 해석을 위한 CFD 소프트웨어 적용 현황
2020
Journal of the Korean Society of Propulsion Engineers
Please visit the following URL for additional information: http://opensource.gsfc.nasa.gov/projects/xml2he/index. ...
Outlier Detection Via Estimating Clusters (ODVEC) ARC-16467-1 ODVEC software provides an efficient method for real-time or offline analysis of multivariate sensor data for use in anomaly detection, fault ...
Thresholding, color scaling, and spatial filtering are applied to output detection, and the information is overlaid onto the B-mode image in real time. U.S. ...
doi:10.6108/kspe.2020.24.3.071
fatcat:trxkhiuqrjakll32bcjxskgwju
An Evolutionary Game-Based Mechanism for Routing P2P Network Flow among Selfish Peers
2014
Journal of Networks
The DAIM model can provide richness of nature-inspired adaptation algorithms on a complex distributed computing environment. ...
DAIM model also considers challenges of autonomic functionalities, where each network's device can make its own decisions on the basis of collected information by the DAIM agents. ...
This will help for identifying the real-time data traffic classification. Through the traffic pattern identification based on the CID-info, we could learn more about the traffic characteristics. ...
doi:10.4304/jnw.9.01.10-17
fatcat:tbmafdamk5am7a6ba26gsxzydq
Showing results 1 — 15 out of 110 results