Paper Abstract and Keywords |
Presentation |
2015-06-12 10:50
Detecting Malicious Domain Names based on the Time-series Analysis of Attackers Network Resources
Daiki Chiba (NTT/Waseda Univ.), Takeshi Yagi, Mitsuaki Akiyama (NTT), Tatsuya Mori (Waseda Univ.), Takeshi Yada, Takeo Hariu (NTT), Shigeki Goto (Waseda Univ.)
IA2015-10 ICSS2015-10 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Attackers launching cyber attacks frequently change their malicious websites to evade countermeasures such as blacklisting. To detect such changing malicious websites, many detection methods using network- and domain-name-based characteristics have been proposed. However, a typical detection method fails to evaluate changing malicious websites because it relies only on information from a single point in time. Therefore, we propose a new method for detecting malicious domain names that focuses on the characteristics of attackers' behavior, especially how malicious domain names change. Moreover, we realize a method for determining the optimal granularity of malicious domain names for preventing users from accessing them. Our evaluation using a large and recent real dataset reveals that our method successfully detects malicious domain names that were previously undetectable by the typical method. The evaluation also shows that many malicious websites can be effectively blocked using the granularity of domain names. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
Drive-by download attack / Domain name / Blacklisting / DNS / Machine learning |
Reference Info. |
IEICE Tech. Rep., vol. 115, no. 81, ICSS2015-10, pp. 51-56, June 2015. |
Paper # |
ICSS2015-10 |
Date of Issue |
2015-06-04 (IA, ICSS) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |