Abstract
In this study, we look for malicious domains in the logs of the primary DNS server of Kumamoto University using a malicious domain check tool (Virus Total). We then classify them according to their LIFETIME (LT) and investigate their main attack applications. The following results were obtained from the experiment: (1) Ransomware, phishing, and DDoS attacks were the 3 most frequent attacks. (2) We obtained two sets of LIFETIME by plotting the number of malicious domains according to their frequency. (3) The frequency distributions obtained for ransomware, phishing, and DDoS attacks show that the LT distributions of ransomware and phishing are similar; however, the frequency of DDoS attacks is shorter. (4) From these results, we learn that the attack method can be determined by measuring the LT. The LT proves to be a good parameter to use with machine learning to detect malicious domain names.
Acknowledgments
We would like to express our gratitude to Professor Kenichi Sugitani, Professor Yuji Nakano, Professor Masashi Toda, Associate Professor Shinichiro Kubota, and Assistant Professor Masahiro Ueda from the Kumamoto University CMIT Laboratory for their advice.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Hara, D., Sakurai, K., Musashi, Y. (2020). Classification of Malicious Domains by Their LIFETIME. In: Barolli, L., Okada, Y., Amato, F. (eds) Advances in Internet, Data and Web Technologies. EIDWT 2020. Lecture Notes on Data Engineering and Communications Technologies, vol 47. Springer, Cham. https://doi.org/10.1007/978-3-030-39746-3_35
DOI: https://doi.org/10.1007/978-3-030-39746-3_35
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-39745-6
Online ISBN: 978-3-030-39746-3
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)