论文信息 - Clustering Malicious DNS Queries for Blacklist-Based Detection

Clustering Malicious DNS Queries for Blacklist-Based Detection

Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide the sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our causebased classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly. key words: malware, blacklist, DNS query, machine learning

[1] Luca Scrucca,et al. mclust 5: Clustering, Classification and Density Estimation Using Gaussian Finite Mixture Models , 2016, R J..

[2] Katsuyoshi Iida,et al. Analysis of DNS TXT Record Usage and Consideration of Botnet Communication Detection , 2018, IEICE Trans. Commun..

[3] Arturo Azcorra,et al. TorrentGuard: Stopping scam and malware distribution in the BitTorrent ecosystem , 2014, Comput. Networks.

[4] Babak Rahbarinia,et al. Efficient and Accurate Behavior-Based Tracking of Malware-Control Domains in Large ISP Networks , 2016, ACM Trans. Priv. Secur..

[5] Hui-Tang Lin,et al. DBod: Clustering and detecting DGA-based botnets using DNS traffic analysis , 2017, Comput. Secur..

[6] Nizar Kheir,et al. Mentor: Positive DNS Reputation to Skim-Off Benign Domains in Botnet C&C Blacklists , 2014, SEC.

[7] Andrew Berns. Searching for Malware in BitTorrent , 2008 .

[8] Wilfried N. Gansterer,et al. Mining agile DNS traffic using graph analysis for cybercrime detection , 2016, Comput. Networks.

[9] Quoc V. Le,et al. Distributed Representations of Sentences and Documents , 2014, ICML.

[10] Christian Rossow,et al. RUHR-UNIVERSITÄT BOCHUM , 2014 .

[11] Jeffrey Dean,et al. Distributed Representations of Words and Phrases and their Compositionality , 2013, NIPS.