| Presentation | 2024-03-12 Improvement of Unknown Malicious Domain Detection Based on DNS Query History Analysis Hiroto Yamada, Daiki Nobayashi, Takeshi Ikenaga, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Network users are increasing and there is concern about the malware infection. In some cases, malware-infected terminals use Domain Name System (DNS) when communicating with command and control (C&C) servers to obtain information for attacks. In previous study, a method to detect unknown malicious domains was proposed by focusing on the DNS logs access history of malware-infected terminals and deriving co-occurrence relationships with known malicious domains based on the assumption that characteristic behaviors appear before and after accesses with the C&C server. However, there is a problem that the detection accuracy of unknown malicious domains decreases when the training data is small. In this paper aims to improve the accuracy of malicious domain detection by also focusing on record and time information from DNS log responses. In this study, evaluates the effectiveness of the proposed method in terms of malicious domain detection accuracy, using actual DNS logs. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | DNS / Machine Learning / malware |
| Paper # | SITE2023-83,IA2023-89 |
| Date of Issue | 2024-03-05 (SITE, IA) |
| Conference Information | |
| Committee | IA / SITE / IPSJ-IOT |
|---|---|
| Conference Date | 2024/3/12(3days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Miyakojima City Future Creation Center |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Internet and Information Ethics Education, etc. |
| Chair | Toyokazu Akiyama(Kyoto Sangyo Univ.) / Takushi Otani(Kibi International Univ.) |
| Vice Chair | Yusuke Sakumoto(Kwansei Gakuin Univ.) / Toshiki Watanabe(NEC) / Yuichiro Hei(KDDI) / Soichiro Morishita(Cyber Agent) / Takeo Tatsumi(Open Univ. of Japan) |
| Secretary | Yusuke Sakumoto(Osaka Univ.) / Toshiki Watanabe(Kogakuin Univ.) / Yuichiro Hei(Kyushu Inst. of Tech.) / Soichiro Morishita(NRI-Secure) / Takeo Tatsumi(Fukuoka Inst. of Tech.) |
| Assistant | Daisuke Kotani(Kyoto Univ.) / Ryo Nakamura(Fukuoka Univ.) / Ryo Nakamura(Univ. of Tokyo) / Yusuke Kaneko(Japan Research Institute) / Rodriguez Samudio Ruben Enrique(Waseda Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Internet Architecture / Technical Committee on Social Implications of Technology and Information Ethics / Special Interest Group on Internet and Operation Technology |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Improvement of Unknown Malicious Domain Detection Based on DNS Query History Analysis |
| Sub Title (in English) | |
| Keyword(1) | DNS |
| Keyword(2) | Machine Learning |
| Keyword(3) | malware |
| 1st Author's Name | Hiroto Yamada |
| 1st Author's Affiliation | Kyushu Institute of Technology(kyutech) |
| 2nd Author's Name | Daiki Nobayashi |
| 2nd Author's Affiliation | Kyushu Institute of Technology(kyutech) |
| 3rd Author's Name | Takeshi Ikenaga |
| 3rd Author's Affiliation | Kyushu Institute of Technology(kyutech) |
| Date | 2024-03-12 |
| Paper # | SITE2023-83,IA2023-89 |
| Volume (vol) | vol.123 |
| Number (no) | SITE-421,IA-422 |
| Page | pp.pp.92-97(SITE), pp.92-97(IA), |
| #Pages | 6 |
| Date of Issue | 2024-03-05 (SITE, IA) |