Abstract
The Domain Name System (DNS) is an essential component of the internet infrastructure, used to translates domain names into IP addresses. Threat actors often abuse this system by registering and taking over thousands of Internet domains every day. These serve to launch various types of cyber-attacks, such as spam, phishing, botnets, and drive-by downloads. Currently, the main countermeasure addressing such threat is reactive blacklisting. Since cyber-attacks are mainly performed for short periods, reactive methods are usually too late and hence ineffective. As a result, new approaches to early identification of malicious websites are needed. In the recent decade, many novel papers were published offering systems to calculate domain reputation for domains that are not listed in common black-lists. This research implements three such approaches and evaluates their effectiveness in detecting malicious phishing domains. The social network analysis technique performed best, as it achieved a 60.71% detection rate with a false positive rate of only 0.35%.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Weimer, F.: Passive DNS replication. In: Proceedings of FIRST Conference on Computer Security Incident, p. 98 (2005)
Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: EXPOSURE: finding malicious domains using passive DNS analysis. In: Proceedings of NDSS, pp. 1–17 (2011)
Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for DNS. In: Proceedings of USENIX Security Symposium, pp. 273–290 (2010)
Gao, H., et al.: An empirical reexamination of global DNS behavior. In: Proceedings of the ACM SIGCOMM 2013 Conference, pp. 267–278 (2013)
Hao, S., Kantchelian, A., Miller, B., Paxson, V., Feamster, N.: PREDATOR: proactive recognition and elimination of domain abuse at time-of-registration. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1568–1579 (2016)
Page, L., Brin, S., Motwani, R., Winograd, T.: The PageRank citation ranking: bringing order to the web. Stanford InfoLab (1999)
Sunil, A.N.V., Sardana, A.: A pagerank based detection technique for phishing web sites. In: Proceedings of 2012 IEEE Symposium on Computers & Informatics (ISCI), pp. 58–63. IEEE (2012)
Mishsky, I., Gal-Oz, N., Gudes, E.: A topology based flow model for computing domain reputation. In: Samarati, P. (ed.) DBSec 2015. LNCS, vol. 9149, pp. 277–292. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20810-7_20
Marchal, S., François, J., State, R., Engel, T.: Proactive discovery of phishing related domain names. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol. 7462, pp. 190–209. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33338-5_10
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Paz, E., Gudes, E. (2020). Comparison of DNS Based Methods for Detecting Malicious Domains. In: Dolev, S., Kolesnikov, V., Lodha, S., Weiss, G. (eds) Cyber Security Cryptography and Machine Learning. CSCML 2020. Lecture Notes in Computer Science(), vol 12161. Springer, Cham. https://doi.org/10.1007/978-3-030-49785-9_14
Download citation
DOI: https://doi.org/10.1007/978-3-030-49785-9_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-49784-2
Online ISBN: 978-3-030-49785-9
eBook Packages: Computer ScienceComputer Science (R0)