Classification of Malicious Domains by Their LIFETIME

  • Conference paper
Advances in Internet, Data and Web Technologies (EIDWT 2020)

Abstract

In this study, we look for malicious domains in the logs of the primary DNS server of Kumamoto University using a malicious domain check tool (VirusTotal). We then classify them according to their LIFETIME (LT) and investigate their main attack applications. The following results were obtained from the experiment: (1) Ransomware, phishing, and DDoS attacks were the 3 most frequent attacks. (2) We obtained two sets of LIFETIME by plotting the number of malicious domains according to their frequency. (3) The frequency distributions obtained for ransomware, phishing, and DDoS attacks show that the LT distributions of ransomware and phishing are similar; however, the frequency of DDoS attacks is shorter. (4) From these results, we learn that the attack method can be determined by measuring the LT. The LT proves to be a good parameter to use with machine learning to detect malicious domain names.

Acknowledgments

We would like to express our gratitude to Professor Kenichi Sugitani, Professor Yuji Nakano, Professor Masashi Toda, Associate Professor Shinichiro Kubota, and Assistant Professor Masahiro Ueda from the Kumamoto University CMIT Laboratory for their advice.

Author information

Corresponding author

Correspondence to Daiji Hara.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Hara, D., Sakurai, K., Musashi, Y. (2020). Classification of Malicious Domains by Their LIFETIME. In: Barolli, L., Okada, Y., Amato, F. (eds) Advances in Internet, Data and Web Technologies. EIDWT 2020. Lecture Notes on Data Engineering and Communications Technologies, vol 47. Springer, Cham. https://doi.org/10.1007/978-3-030-39746-3_35
