论文信息 - Analysis of the Similarities in Malicious DNS Domain Names

Analysis of the Similarities in Malicious DNS Domain Names

This paper presents results of studies on similarities in the construction of malicious DNS domain names. Based on sets of malicious domain names (or URLs, where only mnemonic host names are taken into account) a prototype tool searches for formulated similarities in the construction of malicious domains. A key research task was to find features of similarity which could be useful in the detection of malicious behavior. Research results can be used as an additional characteristic of existing heuristic methods for determining the malicious character of domains or websites. They could also be used as a hint for specialists to take a closer look at domains which are similar to other malicious domains.

Adam Kozakiewicz | Krzysztof Lasota

[1] Jack W. Stokes,et al. WebCop: Locating Neighborhoods of Malware on the Web , 2010, LEET.

[2] Niels Provos,et al. All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.

[3] Timothy W. Finin,et al. SVMs for the Blogosphere: Blog Identification and Splog Detection , 2006, AAAI Spring Symposium: Computational Approaches to Analyzing Weblogs.

[4] Minaxi Gupta,et al. Behind Phishing: An Examination of Phisher Modi Operandi , 2008, LEET.

[5] Lawrence K. Saul,et al. Beyond blacklists: learning to detect malicious web sites from suspicious URLs , 2009, KDD.

[6] Dan Gusfield,et al. Algorithms on Strings, Trees, and Sequences - Computer Science and Computational Biology , 1997 .

[7] Jose Nazario,et al. PhoneyC: A Virtual Client Honeypot , 2009, LEET.