攻撃インフラの時系列変動特性に基づく悪性ドメイン名の検知法

千葉 大紀; 八木 毅; 秋山 満昭; 森 達哉; 矢田 健; 針生 剛男; 後藤 滋樹

Presentation	2015-06-12 Detecting Malicious Domain Names based on the Time-series Analysis of Attackers Network Resources Daiki Chiba, Takeshi Yagi, Mitsuaki Akiyama, Tatsuya Mori, Takeshi Yada, Takeo Hariu, Shigeki Goto,
PDF Download Page	PDF download Page Link
Abstract(in Japanese)	(See Japanese page)
Abstract(in English)	Attackers launching cyber attacks frequently change their malicious websites to evade countermeasures such as blacklisting. To detect such changing malicious websites, many detection methods using the network and domain name based characteristics have been proposed. However, a typical detection method fails to evaluate changing malicious websites since the method only relies on the information at a certain point in time. Therefore, we propose a new detection method of malicious domain names focusing on the characteristics of attackers behavior, especially the changing situation of malicious domain names. Moreover, we realize the method for determining the optimal granularity of malicious domain names for preventing users from accessing them. Our evaluation using large and latest real dataset reveals that our method successfully detects previously undetectable malicious domain names by the typical method. The evaluation also shows that many malicious websites can be effectively blocked using the granularity of domain names.
Keyword(in Japanese)	(See Japanese page)
Keyword(in English)	Drive-by download attack / Domain name / Blacklisting / DNS / Machine learning
Paper #	IA2015-10,ICSS2015-10
Date of Issue	2015-06-04 (IA, ICSS)

Conference Information
Committee	IA / ICSS
Conference Date	2015/6/11(2days)
Place (in Japanese)	(See Japanese page)
Place (in English)	Kyushu Institute of Technology Univ.
Topics (in Japanese)	(See Japanese page)
Topics (in English)	Internet Security, etc.
Chair	Ken-ichi Yoshida(Univ. of Tsukuba) / Yutaka Miyake(KDDI R&D Labs.)
Vice Chair	Hiroyuki Osaki(Kwansei Gakuin Univ.) / Masahiro Jibiki(NICT) / Yutaka Nakamura(Kyushu Inst. of Tech.) / Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.)
Secretary	Hiroyuki Osaki(Tokyo Inst. of Tech.) / Masahiro Jibiki(Osaka Univ.) / Yutaka Nakamura(Mitsubishi Electric) / Takashi Nishide(NII) / Yoshiaki Shiraishi
Assistant	Yuichiro Hei(KDDI R&D Labs.) / Hiroshi Yamamoto(Ritsumeikan Univ.) / Toshiki Watanabe(NEC) / Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT)

Paper Information
Registration To	Technical Committee on Internet Architecture / Technical Committee on Information and Communication System Security
Language	JPN
Title (in Japanese)	(See Japanese page)
Sub Title (in Japanese)	(See Japanese page)
Title (in English)	Detecting Malicious Domain Names based on the Time-series Analysis of Attackers Network Resources
Sub Title (in English)
Keyword(1)	Drive-by download attack
Keyword(2)	Domain name
Keyword(3)	Blacklisting
Keyword(4)	DNS
Keyword(5)	Machine learning
1st Author's Name	Daiki Chiba
1st Author's Affiliation	Nippon Telegraph and Telephone Corporation/Waseda University(NTT/Waseda Univ.)
2nd Author's Name	Takeshi Yagi
2nd Author's Affiliation	Nippon Telegraph and Telephone Corporation(NTT)
3rd Author's Name	Mitsuaki Akiyama
3rd Author's Affiliation	Nippon Telegraph and Telephone Corporation(NTT)
4th Author's Name	Tatsuya Mori
4th Author's Affiliation	Waseda University(Waseda Univ.)
5th Author's Name	Takeshi Yada
5th Author's Affiliation	Nippon Telegraph and Telephone Corporation(NTT)
6th Author's Name	Takeo Hariu
6th Author's Affiliation	Nippon Telegraph and Telephone Corporation(NTT)
7th Author's Name	Shigeki Goto
7th Author's Affiliation	Waseda University(Waseda Univ.)
Date	2015-06-12
Paper #	IA2015-10,ICSS2015-10
Volume (vol)	vol.115
Number (no)	IA-80,ICSS-81
Page	pp.pp.51-56(IA), pp.51-56(ICSS),
#Pages	6
Date of Issue	2015-06-04 (IA, ICSS)