论文信息 - Detecting Malicious Domains by Massive DNS Traffic Data Analysis

Detecting Malicious Domains by Massive DNS Traffic Data Analysis

DNS (Domain name System) is one of the most prevalent protocols on modern networks and is essential for the correct operation of many network activities including the malicious operation. Monitoring the DNS traffic is an effective method to detect malicious activities. In this paper, we proposed an approach to detect malicious domains by analyzing massive mobile web traffic data. We used multiple features to classify, including the textual features and the traffic statistics features of domains and presented three typical classifiers to compare the classifying effect of each. Spark framework is leveraged to speed up the calculation of a large-scale DNS traffic. The efficiency of our system makes us believe the approach can help a lot in the field of network security.

[1] Leyla Bilge,et al. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis , 2011, NDSS.

[2] Etienne Stalmans,et al. A framework for DNS based detection and mitigation of malware infections on a network , 2011, 2011 Information Security for South Africa.

[3] Andy Liaw,et al. Classification and Regression by randomForest , 2007 .

[4] John Frank Charles Kingman,et al. Markov transition probabilities , 1967 .

[5] Sandeep Yadav,et al. Detecting algorithmically generated malicious domain names , 2010, IMC '10.

[6] Wenke Lee,et al. Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces , 2009, 2009 Annual Computer Security Applications Conference.

[7] Thorsten Joachims,et al. Making large scale SVM learning practical , 1998 .

[8] David D. Lewis,et al. Naive (Bayes) at Forty: The Independence Assumption in Information Retrieval , 1998, ECML.

[9] J. Kingman. Markov transition probabilities , 1968 .

[10] Markov transition probabilities IV — Recurrence time distributions , 1968 .

[11] William J. Buchanan,et al. Detection of Algorithmically Generated Malicious Domain , 2018 .

[12] Christopher Krügel,et al. Your botnet is my botnet: analysis of a botnet takeover , 2009, CCS.