Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost (Work in Progress)

Bibliographic details
Main author: Silva, Leandro Marcos da [UNESP]
Publication date: 2020
Other authors: Silveira, Marcos Rogerio [UNESP], Cansian, Adriano Mauro [UNESP], Kobayashi, Hugo Koji, GkoulalasDivanis, A., Marchetti, M., Avresky, D. R.
Document type: Conference paper
Language: eng
Source title: Repositório Institucional da UNESP
Full text: http://hdl.handle.net/11449/218875
Abstract: The Domain Name System (DNS) protocol provides the mapping between hostnames and Internet Protocol addresses and vice versa. However, attackers use the DNS structure to register malicious domains to engage in malicious activities. One way to mitigate these domains is to use blocklists, but there is considerable time in human detection and insertion into lists. Thus, there are works aimed at detecting domains in an automated way applying machine learning techniques. Given this scenario, the present work presents an analysis of blocklists to identify patterns in malicious domains, where it was concluded that Top Level Domains might be associated with the maliciousness of a domain. After that, a system overview for the multiclass classification of malicious domains using passive DNS is proposed. The system has an exclusive character, because it is the first to use a multiclass approach to indicate the threat present in the malicious domain, and yet, it uses XGBoost and techniques to balance the data.
id UNSP_3f882050338a0172011dfd6bd195f705
oai_identifier_str oai:repositorio.unesp.br:11449/218875
network_acronym_str UNSP
network_name_str Repositório Institucional da UNESP
repository_id_str 2946
spelling Fundação para o Desenvolvimento da UNESP (FUNDUNESP); Sao Paulo State Univ UNESP, Sao Paulo, Brazil; Brazilian Network Informat Ctr NICBR, Sao Paulo, Brazil; FUNDUNESP: 2764/2018
author Silva, Leandro Marcos da [UNESP]
author_facet Silva, Leandro Marcos da [UNESP]
Silveira, Marcos Rogerio [UNESP]
Cansian, Adriano Mauro [UNESP]
Kobayashi, Hugo Koji
GkoulalasDivanis, A.
Marchetti, M.
Avresky, D. R.
dc.contributor.none.fl_str_mv Universidade Estadual Paulista (UNESP)
Brazilian Network Informat Ctr NICBR
dc.contributor.author.fl_str_mv Silva, Leandro Marcos da [UNESP]
Silveira, Marcos Rogerio [UNESP]
Cansian, Adriano Mauro [UNESP]
Kobayashi, Hugo Koji
GkoulalasDivanis, A.
Marchetti, M.
Avresky, D. R.
dc.subject.por.fl_str_mv Domain Name System
Passive DNS
Malicious Domain
XGBoost
Multiclass Classification
publishDate 2020
dc.date.none.fl_str_mv 2020-01-01
2022-04-28T17:30:19Z
2022-04-28T17:30:19Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/conferenceObject
format conferenceObject
status_str publishedVersion
dc.identifier.uri.fl_str_mv 2020 Ieee 19th International Symposium On Network Computing And Applications (nca). New York: Ieee, 3 p., 2020.
2643-7910
http://hdl.handle.net/11449/218875
WOS:000661912700046
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 2020 Ieee 19th International Symposium On Network Computing And Applications (nca)
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv 3
dc.publisher.none.fl_str_mv Ieee
publisher.none.fl_str_mv Ieee
dc.source.none.fl_str_mv Web of Science
reponame:Repositório Institucional da UNESP
instname:Universidade Estadual Paulista (UNESP)
instacron:UNESP
repository.name.fl_str_mv Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP)
repository.mail.fl_str_mv
_version_ 1803046100129546240