110 Hits in 7.4 sec

Less is More: Robust and Novel Features for Malicious Domain Detection [article]

Chen Hajaj, Nitay Hason, Nissim Harel, Amit Dvir
2020 arXiv   pre-print
Since machine learning has become one of the most prominent methods of malware detection, A robust feature selection mechanism is proposed that results in malicious domain detection models that are resistant  ...  , and at the same time useful for classifying non-manipulated data.  ...  systems and highlighted their strengths and limitations; (3) they implemented a system prototype for near real-time threat detection using a big data analytic framework and passive DNS traffic; (4) they  ... 
arXiv:2006.01449v1 fatcat:lctx65q5ozcntos2kmq7qwpbi4

Identifying malicious accounts in Blockchains using Domain Names and associated temporal properties [article]

Rohit Kumar Sachan, Rachit Agarwal, Sandeep Kumar Shukla
2021 arXiv   pre-print
Here, we leverage the temporal aspects attached to the DNs. Our results identify 144930 DNs that show malicious behavior, and out of these, 54114 DNs show persistent malicious behavior over time.  ...  Many machine learning algorithms are applied to detect such illegal behavior.  ...  In [13] , [14] , the authors present an ML-based approach to detect malicious Fast-Flux DNs that use features (like short TTL and the high number of resolved IPs) available from the passive DNS traffic  ... 
arXiv:2106.13420v1 fatcat:5ewvbvdgh5df3gf546egg4ynxm

Machine learning for network-based malware detection [article]

Matija Stevanovic
2016 Ph.d.-serien for Det Teknisk-Naturvidenskabelige Fakultet, Aalborg Universitet  
The proposed detection method relies on MLA for identifying malicious agile domains-to-IPs mappings i.e. Fast-flux and Domain-flux as resilience techniques often used by malware.  ...  Detection methods that target agile malicious DNS traffic i.e. Fast-flux and Domain-flux often have MLAs at their core and therefore suffer from the same problem.  ...  The challenge specially addressed by the thesis is the "ground truth" problem, where we proposed a novel labeling approach for obtaining the ground truth on agile DNS traffic that provides reliable and  ... 
doi:10.5278/ fatcat:cd4txihrd5dt3nsjsmwjn53pbi

ARBA: Anomaly and Reputation Based Approach for Detecting Infected IoT Devices

Gilad Rosenthal, Ofir Erets Kdosha, Kobi Cohen, Alon Freund, Avishay Bartik, Aviv Ron
2020 IEEE Access  
In [35] , the authors proposed a semi supervised ML model using a neural network to identify anomalies in network traffic. The goal was to detect potential attacks hidden by fast flux.  ...  DomainObserver applies passive traffic measurements and time series data mining techniques to detect malicious domains.  ... 
doi:10.1109/access.2020.3014619 fatcat:gcxf3ditdjhr5jljl6itzkeddi

On the use of machine learning for identifying botnet network traffic

Matija Stevanovic, Jens Myrup Pedersen
2016 Journal of Cyber Security and Mobility  
and Domain-flux.  ...  Furthermore, one of the important goals of future detection systems is to operate in real-time thus facilitating timely detection.  ... 
doi:10.13052/jcsm2245-1439.421 fatcat:heohtahwlrhqdfkkyemc4n7qca

Tracking and Characterizing Botnets Using Automatically Generated Domains [article]

Stefano Schiavoni and Stefano Zanero Royal Holloway University of London)
2013 arXiv   pre-print
Recent works focus on recognizing automatically generated domains (AGDs) from DNS traffic, which potentially allows to identify previously unknown AGDs to hinder or disrupt botnets' communication capabilities  ...  We propose a mechanism that overcomes the above limitations by analyzing DNS traffic data through a combination of linguistic and IP-based features of suspicious domains.  ...  Given the activity that we want to monitor, for instance, the DNS traffic of that botnet, we can then plot one time series for each partition.  ... 
arXiv:1311.5612v1 fatcat:smwpatcxybd5lnwpet6okj7di4

Phoenix: DGA-Based Botnet Tracking and Intelligence [chapter]

Stefano Schiavoni, Federico Maggi, Lorenzo Cavallaro, Stefano Zanero
2014 Lecture Notes in Computer Science  
Given the prevalence of this mechanism, recent work has focused on the analysis of DNS traffic to recognize botnets based on their DGAs.  ...  While previous work has concentrated on detection, we focus on supporting intelligence operations.  ...  Given the activity that we want to monitor, for instance, the DNS traffic of that botnet, we can then plot one time series for each partition.  ... 
doi:10.1007/978-3-319-08509-8_11 fatcat:py5julv3n5b7jasgyscfa7mndy

A Survey on DDoS Attack and Defense Strategies: From Traditional Schemes to Current Techniques

Muhammad AAMIR, Mustafa Ali ZAIDI
2013 Interdisciplinary Information Sciences  
On the other hand, variable rate attack changes its impact and flow with time, making it more difficult to detect and respond.  ...  We survey different papers describing methods of defense against DDoS attacks based on entropy variations, traffic anomaly parameters, neural networks, device level defense, botnet flux identifications  ...  In [70] , authors develop a real time FFSN prediction model to analyze a website's DNS with distributed architecture through a mix of active and passive methods.  ... 
doi:10.4036/iis.2013.173 fatcat:pgvcutvfajejpmgatezon5ftdq

The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks

Konstantinos Demertzis, Nikos Tziritas, Panayiotis Kikiras, Salvador Llopis Sanchez, Lazaros Iliadis
2019 Big Data and Cognitive Computing  
(SAM/k-NN) to examine patterns from real-time streams.  ...  A Security Operations Center (SOC) is a central technical level unit responsible for monitoring, analyzing, assessing, and defending an organization's security posture on an ongoing basis.  ...  [25] proposed an innovative structure for detecting botnets in real time based on performance metrics to investigate whether a suspicious server is a fast-flux bot.  ... 
doi:10.3390/bdcc3010006 fatcat:qskf3u5xkfephh5tcis3ibo35i

Detection of DGA-Generated Domain Names with TF-IDF

Harald Vranken, Hassan Alizadeh
2022 Electronics  
We first present an extensive literature review on recent prior work in which machine learning and deep learning have been applied for detecting DGA-generated domain names.  ...  For comparison, we also apply an LSTM model with embedding layer to convert domain names from a sequence of characters into a vector representation.  ...  Acknowledgments: We kindly thank IT and Facility Services at Open Universiteit and SURF for providing the compute servers for performing our experiments.  ... 
doi:10.3390/electronics11030414 fatcat:ykcmtt6v2fdz5lhvntgbdwfdta

Advanced Methods for Botnet Intrusion Detection Systems [chapter]

Son T., Mohammed S.
2011 Intrusion Detection Systems  
(http web servers); or use of IRC in combination to DNS fast-flux techniques, as explained in section 2.4.1.  ...  This is mainly done since most firewalls cannot distinguish between web-based bot Intrusion Detection Systems 58 traffic, and legitimate web traffic.  ...  DNS monitor approaches have been used for lookup behaviors commonly used by bots using active methods such as DNS hijacking or passive methods such as DNS Black listing (Ramachandran et al, 2006) .  ... 
doi:10.5772/15401 fatcat:sba5cb73kfcptkzkh7fqdc5pqu

An orchestration approach for unwanted Internet traffic identification

Eduardo Feitosa, Eduardo Souto, Djamel H. Sadok
2012 Computer Networks  
[135] propose a statistical model based on modeling aggregate traffic using time series and, as a consequence, offer an anomaly detection procedure based on such modeling.  ...  The DNS zone transfer process is also used to spread the cache poisoning. Another recent type of DNS attack is called Fast-Flux Domains.  ... 
doi:10.1016/j.comnet.2012.04.018 fatcat:2aeso6gfq5dmhixzfzpjo7jrwm

Security issues in cloud environments: a survey

Diogo A. B. Fernandes, Liliana F. B. Soares, João V. Gomes, Mário M. Freire, Pedro R. M. Inácio
2013 International Journal of Information Security  
The possibility of paying-as-you-go mixed with an on-demand elastic operation is changing the enterprise computing model, shifting on-premises infrastructures to offpremises data centers, accessed over  ...  It addresses several key topics, namely vulnerabilities, threats and attacks, proposing a taxonomy for their classification.  ...  Acknowledgements We would like to thank all the anonymous reviewers for constructively criticizing this work.  ... 
doi:10.1007/s10207-013-0208-7 fatcat:55o67epb6zfspchxuzvuduzr4a

Present State of CFD Softwares Application for Launch Vehicle Analysis
발사체 해석을 위한 CFD 소프트웨어 적용 현황

Hwanghui Jeong, Jae Yeol Kim, Jae-Ryul Shin
2020 Journal of the Korean Society of Propulsion Engineers  
Please visit the following URL for additional information: http://opensource .gsfc .nasa .gov/projects/xml2he/index .  ...  Outlier Detection Via Estimating Clusters (ODVEC) ARC-16467-1 ODVEC software provides an efficient method for real-time or offline analysis of multivariate sensor data for use in anomaly detection, fault  ...  Thresholding, color scaling, and spatial filtering are applied to output detection, and the information is overlaid onto the B-mode image in real time . U.S.  ... 
doi:10.6108/kspe.2020.24.3.071 fatcat:trxkhiuqrjakll32bcjxskgwju

An Evolutionary Game-Based Mechanism for Routing P2P Network Flow among Selfish Peers

Fang Zuo, Wei Zhang
2014 Journal of Networks  
The DAIM model can provide richness of nature-inspired adaptation algorithms on a complex distributed computing environment.  ...  DAIM model also considers challenges of autonomic functionalities, where each network's device can make its own decisions on the basis of collected information by the DAIM agents.  ...  This will help for identifying the real-time data traffic classification. Through the traffic pattern identification based on the CID-info, we could learn more about the traffic characteristics.  ... 
doi:10.4304/jnw.9.01.10-17 fatcat:tbmafdamk5am7a6ba26gsxzydq
« Previous Showing results 1 — 15 out of 110 results