Detection of Malicious Domains Using Passive DNS with XGBoost
| Field | Value |
|---|---|
| Author | Hugo Koji Kobayashi, Marcos Rogerio Silveira, Adriano Mauro Cansian |
| Year of publication | 2020 |
| Subject | 050101 languages & linguistics; Computer science; business.industry; Domain Name System; media_common.quotation_subject; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; 05 social sciences; 02 engineering and technology; computer.software_genre; Phishing; Domain (software engineering); ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS; Exponential growth; Component (UML); 0202 electrical engineering, electronic engineering, information engineering; Malware; 020201 artificial intelligence & image processing; 0501 psychology and cognitive sciences; The Internet; Data mining; Function (engineering); business; computer; media_common |
| Source | ISI |
| DOI | 10.1109/isi49825.2020.9280552 |
| Description | The Domain Name System (DNS) has as its main function the mapping of domain names to IP addresses and vice versa. Because of this function, combined with the exponential growth of the internet, it has become an essential component. For the same reason, attackers use DNS for malicious activities such as phishing, fast-flux domains and DGAs, in addition to the spread of malware. In this paper we present an approach for the automatic detection of malicious domains using a Passive DNS dataset combined with machine learning techniques. One way to detect these malicious domains is through blocklists, but listing can take time, since someone must first report the domain and a human must then analyze it. The model presented in this work is capable of detecting malicious domains at an early stage from their Passive DNS traffic. Twelve features were extracted exclusively from DNS traffic. Our model makes use of the XGBoost supervised machine learning algorithm and obtains an average AUC of 0.976. |
| Database | OpenAIRE |
| External link | |