Presentation | 2015-06-12 Detecting Malicious Domain Names based on the Time-series Analysis of Attackers Network Resources Daiki Chiba, Takeshi Yagi, Mitsuaki Akiyama, Tatsuya Mori, Takeshi Yada, Takeo Hariu, Shigeki Goto, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Attackers launching cyber attacks frequently change their malicious websites to evade countermeasures such as blacklisting. To detect such changing malicious websites, many detection methods using the network and domain name based characteristics have been proposed. However, a typical detection method fails to evaluate changing malicious websites since the method only relies on the information at a certain point in time. Therefore, we propose a new detection method of malicious domain names focusing on the characteristics of attackers behavior, especially the changing situation of malicious domain names. Moreover, we realize the method for determining the optimal granularity of malicious domain names for preventing users from accessing them. Our evaluation using large and latest real dataset reveals that our method successfully detects previously undetectable malicious domain names by the typical method. The evaluation also shows that many malicious websites can be effectively blocked using the granularity of domain names. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Drive-by download attack / Domain name / Blacklisting / DNS / Machine learning |
Paper # | IA2015-10,ICSS2015-10 |
Date of Issue | 2015-06-04 (IA, ICSS) |
Conference Information | |
Committee | IA / ICSS |
---|---|
Conference Date | 2015/6/11(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | Kyushu Institute of Technology Univ. |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | Internet Security, etc. |
Chair | Ken-ichi Yoshida(Univ. of Tsukuba) / Yutaka Miyake(KDDI R&D Labs.) |
Vice Chair | Hiroyuki Osaki(Kwansei Gakuin Univ.) / Masahiro Jibiki(NICT) / Yutaka Nakamura(Kyushu Inst. of Tech.) / Takashi Nishide(Univ. of Tsukuba) / Yoshiaki Shiraishi(Kobe Univ.) |
Secretary | Hiroyuki Osaki(Tokyo Inst. of Tech.) / Masahiro Jibiki(Osaka Univ.) / Yutaka Nakamura(Mitsubishi Electric) / Takashi Nishide(NII) / Yoshiaki Shiraishi |
Assistant | Yuichiro Hei(KDDI R&D Labs.) / Hiroshi Yamamoto(Ritsumeikan Univ.) / Toshiki Watanabe(NEC) / Katsunari Yoshioka(Yokohama National Univ.) / Kazunori Kamiya(NTT) |
Paper Information | |
Registration To | Technical Committee on Internet Architecture / Technical Committee on Information and Communication System Security |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Detecting Malicious Domain Names based on the Time-series Analysis of Attackers Network Resources |
Sub Title (in English) | |
Keyword(1) | Drive-by download attack |
Keyword(2) | Domain name |
Keyword(3) | Blacklisting |
Keyword(4) | DNS |
Keyword(5) | Machine learning |
1st Author's Name | Daiki Chiba |
1st Author's Affiliation | Nippon Telegraph and Telephone Corporation/Waseda University(NTT/Waseda Univ.) |
2nd Author's Name | Takeshi Yagi |
2nd Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
3rd Author's Name | Mitsuaki Akiyama |
3rd Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
4th Author's Name | Tatsuya Mori |
4th Author's Affiliation | Waseda University(Waseda Univ.) |
5th Author's Name | Takeshi Yada |
5th Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
6th Author's Name | Takeo Hariu |
6th Author's Affiliation | Nippon Telegraph and Telephone Corporation(NTT) |
7th Author's Name | Shigeki Goto |
7th Author's Affiliation | Waseda University(Waseda Univ.) |
Date | 2015-06-12 |
Paper # | IA2015-10,ICSS2015-10 |
Volume (vol) | vol.115 |
Number (no) | IA-80,ICSS-81 |
Page | pp.pp.51-56(IA), pp.51-56(ICSS), |
#Pages | 6 |
Date of Issue | 2015-06-04 (IA, ICSS) |