Presentation | 2022-06-24 Studies on Blacklists based DNS Query Analysis for Malicious Domain Detection Hiroto Yamada, Daiki Nobayashi, Takeshi Ikenaga |
---|---|
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Malware infection of network users is one of the critical threats on the Internet. Users risk being infected with malware in various ways, such as through email attachments, browsing websites, and clicking on web advertisements. A major countermeasure against malware infection is a signature-type detection method that uses a blacklist to block communication with a C&C server that the malware accesses for malicious attacks. However, if the C&C server uses an unknown malicious domain name not included in the blacklist, the countermeasure cannot be effective. Furthermore, malware is on the rise every day, so the number of unknown malicious domain names has been increasing. This paper focuses on the DNS query logs of malware-infected devices and proposes an unknown malicious domain name detection method using the access history of network users. We aim to detect unknown malicious domain names by using machine learning to analyze the access history of DNS queries of malware-infected devices. In this study, to evaluate the effectiveness of the proposed method, we verify the detection performance for unknown malicious domain names using actual DNS query logs. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | DNSquery / Machine Learning / malware |
Paper # | IA2022-14,ICSS2022-14 |
Date of Issue | 2022-06-16 (IA, ICSS) |
Conference Information | |
Committee | IA / ICSS |
---|---|
Conference Date | 2022/6/23(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | Univ. of Nagasaki |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | Internet Security, etc. |
Chair | Tomoki Yoshihisa(Osaka Univ.) / Katsunari Yoshioka(Yokohama National Univ.) |
Vice Chair | Toru Kondo(Hiroshima Univ.) / Yuichiro Hei(KDDI Research) / Hiroshi Yamamoto(Ritsumeikan Univ.) / Kazunori Kamiya(NTT) / Takahiro Kasama(NICT) |
Secretary | Toru Kondo(Osaka Univ.) / Yuichiro Hei(Kogakuin Univ.) / Hiroshi Yamamoto(NEC) / Kazunori Kamiya(KDDI labs.) / Takahiro Kasama(Okayama Univ.) |
Assistant | Daisuke Kotani(Kyoto Univ.) / Ryo Nakamurai(Fukuoka Univ.) / Daiki Nobayashi(Kyushu Inst. of Tech.) / Keisuke Kito(Mitsubishi Electric) / Takeshi Sugawara(Univ. of Electro-Comm.) |
Paper Information | |
Registration To | Technical Committee on Internet Architecture / Technical Committee on Information and Communication System Security |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Studies on Blacklists based DNS Query Analysis for Malicious Domain Detection |
Sub Title (in English) | |
Keyword(1) | DNSquery |
Keyword(2) | Machine Learning |
Keyword(3) | malware |
1st Author's Name | Hiroto Yamada |
1st Author's Affiliation | Kyushu Institute of Technology(Kyutech) |
2nd Author's Name | Daiki Nobayashi |
2nd Author's Affiliation | Kyushu Institute of Technology(Kyutech) |
3rd Author's Name | Takeshi Ikenaga |
3rd Author's Affiliation | Kyushu Institute of Technology(Kyutech) |
Date | 2022-06-24 |
Paper # | IA2022-14,ICSS2022-14 |
Volume (vol) | vol.122 |
Number (no) | IA-85,ICSS-86 |
Page | pp.76-80(IA), pp.76-80(ICSS) |
#Pages | 5 |
Date of Issue | 2022-06-16 (IA, ICSS) |