论文信息 - Spam Domain Detection Method Using Active DNS Data and E-Mail Reception Log

Spam Domain Detection Method Using Active DNS Data and E-Mail Reception Log

E-mail is widespread and an essential communication technology in modern times. Since e-mail has problems with spam mails and spoofed e-mails, countermeasures are required. Although SPF, DKIM and DMARC have been proposed as sender domain authentication, these mechanisms cannot detect non-spoofing spam mails. To overcome this issue, this paper proposes a method to detect spam domains by supervised learning with features extracted from e-mail reception log and active DNS data, such as the result of Sender Authentication, the Sender IP address, the number of each DNS record, and so on. As a result of the experiment, our method can detect spam domains with 88.09% accuracy and 97.11% precision. We confirmed that our method can detect spam domains with detection accuracy 19.40% higher than the previous study by utilizing not only active DNS data but also e-mail reception log in combination.

Nariyoshi Yamai | Naoya Kitagawa | Kenya Dan | Shuji Sakuraba

[1] Leyla Bilge,et al. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis , 2011, NDSS.

[2] Murray S. Kucherawy,et al. Domain-based Message Authentication, Reporting, and Conformance (DMARC) , 2015, RFC.

[3] Aziz Qaroush,et al. Identifying spam e-mail based-on statistical header features and sender behavior , 2012, CUBE.

[4] Nick Feamster,et al. PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration , 2016, CCS.

[5] Murray S. Kucherawy,et al. DomainKeys Identified Mail (DKIM) Signatures , 2011, RFC.

[6] Nick Feamster,et al. Building a Dynamic Reputation System for DNS , 2010, USENIX Security Symposium.

[7] Scott Kitterman,et al. Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1 , 2014, RFC.

[8] Roland van Rijswijk-Deij,et al. Melting the snow: Using active DNS measurements to detect snowshoe spam domains , 2018, NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium.