Detection of Malicious Domains Using Passive DNS with XGBoost
| Autor(a) principal: | |
|---|---|
| Data de Publicação: | 2020 |
| Outros Autores: | , |
| Tipo de documento: | Artigo de conferência |
| Idioma: | eng |
| Título da fonte: | Repositório Institucional da UNESP |
| Texto Completo: | http://dx.doi.org/10.1109/ISI49825.2020.9280552 http://hdl.handle.net/11449/208294 |
Resumo: | The Domain Name System (DNS) has as its main function the mapping of domain names to IPs and vice versa. Because of its function combined with the exponential growth of the internet, it has become an essential component. Because of this, attackers use DNS for malicious activities, such as Phishing, Fast-Flux Domains, DGAs, in addition to the spread of malware. In this paper we present an approach for automatic detection of malicious domains using a Passive DNS dataset combined with machine learning techniques. One way to perform the detection of these malicious domains is by blocklists, which can take some time before someone reports and there is human analysis. The model presented in this work is capable of detecting malicious domains at an early stage through its Passive DNS traffic. 12 features were extracted exclusively from DNS traffic. Our model makes use of the XGBoost supervised machine learning algorithm, and obtains an average AUC of 0.976. |
| id |
UNSP_4a63ba4a0b669bca24085c4998d46191 |
|---|---|
| oai_identifier_str |
oai:repositorio.unesp.br:11449/208294 |
| network_acronym_str |
UNSP |
| network_name_str |
Repositório Institucional da UNESP |
| repository_id_str |
2946 |
| spelling |
Detection of Malicious Domains Using Passive DNS with XGBoostThe Domain Name System (DNS) has as its main function the mapping of domain names to IPs and vice versa. Because of its function combined with the exponential growth of the internet, it has become an essential component. Because of this, attackers use DNS for malicious activities, such as Phishing, Fast-Flux Domains, DGAs, in addition to the spread of malware. In this paper we present an approach for automatic detection of malicious domains using a Passive DNS dataset combined with machine learning techniques. One way to perform the detection of these malicious domains is by blocklists, which can take some time before someone reports and there is human analysis. The model presented in this work is capable of detecting malicious domains at an early stage through its Passive DNS traffic. 12 features were extracted exclusively from DNS traffic. Our model makes use of the XGBoost supervised machine learning algorithm, and obtains an average AUC of 0.976.Universidade Estadual Paulista UnespBrazilian Network Information Center NIC.BRUniversidade Estadual Paulista UnespUniversidade Estadual Paulista (Unesp)NIC.BRSilveira, Marcos Rogério [UNESP]Cansian, Adriano Mauro [UNESP]Kobayashi, Hugo Koji2021-06-25T11:09:48Z2021-06-25T11:09:48Z2020-11-09info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/conferenceObjecthttp://dx.doi.org/10.1109/ISI49825.2020.9280552Proceedings - 2020 IEEE International Conference on Intelligence and Security Informatics, ISI 2020.http://hdl.handle.net/11449/20829410.1109/ISI49825.2020.92805522-s2.0-85098951128Scopusreponame:Repositório Institucional da UNESPinstname:Universidade Estadual Paulista (UNESP)instacron:UNESPengProceedings - 2020 IEEE International Conference on Intelligence and Security Informatics, ISI 2020info:eu-repo/semantics/openAccess2021-10-23T18:56:56Zoai:repositorio.unesp.br:11449/208294Repositório InstitucionalPUBhttp://repositorio.unesp.br/oai/requestopendoar:29462021-10-23T18:56:56Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP)false |
| dc.title.none.fl_str_mv |
Detection of Malicious Domains Using Passive DNS with XGBoost |
| title |
Detection of Malicious Domains Using Passive DNS with XGBoost |
| spellingShingle |
Detection of Malicious Domains Using Passive DNS with XGBoost Silveira, Marcos Rogério [UNESP] |
| title_short |
Detection of Malicious Domains Using Passive DNS with XGBoost |
| title_full |
Detection of Malicious Domains Using Passive DNS with XGBoost |
| title_fullStr |
Detection of Malicious Domains Using Passive DNS with XGBoost |
| title_full_unstemmed |
Detection of Malicious Domains Using Passive DNS with XGBoost |
| title_sort |
Detection of Malicious Domains Using Passive DNS with XGBoost |
| author |
Silveira, Marcos Rogério [UNESP] |
| author_facet |
Silveira, Marcos Rogério [UNESP] Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji |
| author_role |
author |
| author2 |
Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji |
| author2_role |
author author |
| dc.contributor.none.fl_str_mv |
Universidade Estadual Paulista (Unesp) NIC.BR |
| dc.contributor.author.fl_str_mv |
Silveira, Marcos Rogério [UNESP] Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji |
| description |
The Domain Name System (DNS) has as its main function the mapping of domain names to IPs and vice versa. Because of its function combined with the exponential growth of the internet, it has become an essential component. Because of this, attackers use DNS for malicious activities, such as Phishing, Fast-Flux Domains, DGAs, in addition to the spread of malware. In this paper we present an approach for automatic detection of malicious domains using a Passive DNS dataset combined with machine learning techniques. One way to perform the detection of these malicious domains is by blocklists, which can take some time before someone reports and there is human analysis. The model presented in this work is capable of detecting malicious domains at an early stage through its Passive DNS traffic. 12 features were extracted exclusively from DNS traffic. Our model makes use of the XGBoost supervised machine learning algorithm, and obtains an average AUC of 0.976. |
| publishDate |
2020 |
| dc.date.none.fl_str_mv |
2020-11-09 2021-06-25T11:09:48Z 2021-06-25T11:09:48Z |
| dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
| dc.type.driver.fl_str_mv |
info:eu-repo/semantics/conferenceObject |
| format |
conferenceObject |
| status_str |
publishedVersion |
| dc.identifier.uri.fl_str_mv |
http://dx.doi.org/10.1109/ISI49825.2020.9280552 Proceedings - 2020 IEEE International Conference on Intelligence and Security Informatics, ISI 2020. http://hdl.handle.net/11449/208294 10.1109/ISI49825.2020.9280552 2-s2.0-85098951128 |
| url |
http://dx.doi.org/10.1109/ISI49825.2020.9280552 http://hdl.handle.net/11449/208294 |
| identifier_str_mv |
Proceedings - 2020 IEEE International Conference on Intelligence and Security Informatics, ISI 2020. 10.1109/ISI49825.2020.9280552 2-s2.0-85098951128 |
| dc.language.iso.fl_str_mv |
eng |
| language |
eng |
| dc.relation.none.fl_str_mv |
Proceedings - 2020 IEEE International Conference on Intelligence and Security Informatics, ISI 2020 |
| dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
| eu_rights_str_mv |
openAccess |
| dc.source.none.fl_str_mv |
Scopus reponame:Repositório Institucional da UNESP instname:Universidade Estadual Paulista (UNESP) instacron:UNESP |
| instname_str |
Universidade Estadual Paulista (UNESP) |
| instacron_str |
UNESP |
| institution |
UNESP |
| reponame_str |
Repositório Institucional da UNESP |
| collection |
Repositório Institucional da UNESP |
| repository.name.fl_str_mv |
Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP) |
| repository.mail.fl_str_mv |
|
| _version_ |
1803046912098566144 |