Detection of Malicious Domains Using Passive DNS with XGBoost

Bibliographic details
Lead author: Silveira, Marcos Rogério [UNESP]
Publication date: 2020
Other authors: Cansian, Adriano Mauro [UNESP], Kobayashi, Hugo Koji
Document type: Conference paper
Language: eng
Source: Repositório Institucional da UNESP
Full text: http://dx.doi.org/10.1109/ISI49825.2020.9280552
http://hdl.handle.net/11449/208294
Abstract: The main function of the Domain Name System (DNS) is to map domain names to IP addresses and vice versa. That function, combined with the exponential growth of the internet, has made DNS an essential component, and attackers consequently use it for malicious activities such as phishing, fast-flux domains and DGAs, as well as for spreading malware. In this paper we present an approach for the automatic detection of malicious domains that combines a passive DNS dataset with machine learning techniques. One way to detect malicious domains is through blocklists, but a blocklist entry can take time to appear because someone must first report the domain and a human must then analyze it. The model presented in this work can detect malicious domains at an early stage from their passive DNS records. Twelve features were extracted exclusively from DNS traffic. The model uses the XGBoost supervised machine learning algorithm and obtains an average AUC of 0.976.
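The abstract above describes the pipeline only at a high level, and this page does not list the paper's twelve features. The following is an added example, not the authors' code, showing the shape of such a pipeline: it computes a handful of illustrative features (lexical ones from the name, behavioural ones from the domain's passive DNS history), measures a ranking with ROC-AUC computed by hand so the example runs without scikit-learn, and shows where XGBoost's `XGBClassifier` fits in. The record schema (rrname, rrtype, rdata, first_seen, last_seen, count) is an assumption modelled on common passive DNS aggregates, the feature set is the example's own and not the paper's, and the sample history is constructed.

```python
# Added example, not the paper's code. The feature set is illustrative and is
# not the paper's 12 features (which this page does not list); the record
# schema (rrname, rrtype, rdata, first_seen, last_seen, count) is assumed.
import math
from collections import Counter
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class PdnsRecord:
    """One aggregated passive DNS observation for an owner name."""
    rrname: str
    rrtype: str
    rdata: str
    first_seen: datetime
    last_seen: datetime
    count: int  # times this (rrname, rrtype, rdata) tuple was observed


def shannon_entropy(s: str) -> float:
    """Bits per character; high for random-looking (DGA-style) labels."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def extract_features(domain: str, records: list) -> dict:
    """Lexical features from the name plus behavioural features from its history.
    Assumes every record in `records` has rrname == domain."""
    name = domain.rstrip(".").lower()
    labels = name.split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]  # registrable label (naive split)
    ips = {r.rdata for r in records if r.rrtype == "A"}
    if records:
        first = min(r.first_seen for r in records)
        last = max(r.last_seen for r in records)
        lifetime_days = (last - first).total_seconds() / 86400.0
    else:
        lifetime_days = 0.0
    return {
        "name_len": float(len(name)),
        "label_count": float(len(labels)),
        "digit_ratio": sum(ch.isdigit() for ch in sld) / max(len(sld), 1),
        "sld_entropy": shannon_entropy(sld),
        "distinct_ips": float(len(ips)),
        "lifetime_days": lifetime_days,
        "query_count": float(sum(r.count for r in records)),
        # distinct A records per day of observed life: high for fast-flux hosting
        "ip_churn": len(ips) / max(lifetime_days, 1.0),
        "ns_count": float(sum(r.rrtype == "NS" for r in records)),
    }


def roc_auc(scores, labels) -> float:
    """AUC as P(score(random malicious) > score(random benign)); ties count 1/2."""
    pos = [s for s, y in zip(scores, labels) if y == 1]
    neg = [s for s, y in zip(scores, labels) if y == 0]
    if not pos or not neg:
        raise ValueError("AUC needs at least one sample of each class")
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))


def fit_xgboost(feature_rows, labels):
    """Train the classifier the paper uses. Needs the `xgboost` package, imported
    here so the rest of the example runs without it. Columns are sorted so the
    model sees the same layout at scoring time."""
    from xgboost import XGBClassifier
    keys = sorted(feature_rows[0])
    X = [[row[k] for k in keys] for row in feature_rows]
    clf = XGBClassifier(n_estimators=200, max_depth=4, learning_rate=0.1, eval_metric="auc")
    clf.fit(X, labels)
    return clf, keys


# Constructed sample history (not real observations): a random-looking name whose
# A record rotates through four addresses in 36 hours, and a long-lived stable name.
T = datetime
SAMPLE_PDNS = {
    "qv7x2kz9p.net.": [
        PdnsRecord("qv7x2kz9p.net.", "A", "198.51.100.11", T(2020, 3, 1, 0), T(2020, 3, 1, 6), 40),
        PdnsRecord("qv7x2kz9p.net.", "A", "198.51.100.57", T(2020, 3, 1, 6), T(2020, 3, 1, 12), 35),
        PdnsRecord("qv7x2kz9p.net.", "A", "203.0.113.9", T(2020, 3, 1, 12), T(2020, 3, 2, 0), 50),
        PdnsRecord("qv7x2kz9p.net.", "A", "203.0.113.77", T(2020, 3, 2, 0), T(2020, 3, 2, 12), 31),
    ],
    "www.example.com.": [
        PdnsRecord("www.example.com.", "A", "192.0.2.10", T(2019, 1, 10), T(2020, 3, 2), 120000),
        PdnsRecord("www.example.com.", "NS", "ns1.example.com.", T(2019, 1, 10), T(2020, 3, 2), 900),
    ],
}
SAMPLE_LABELS = {"qv7x2kz9p.net.": 1, "www.example.com.": 0}  # 1 = malicious


def churn_baseline_auc() -> float:
    """AUC of ranking by the single feature ip_churn over the sample: the kind of
    one-feature baseline a boosted model should beat on real data."""
    names = list(SAMPLE_PDNS)
    scores = [extract_features(n, SAMPLE_PDNS[n])["ip_churn"] for n in names]
    return roc_auc(scores, [SAMPLE_LABELS[n] for n in names])


if __name__ == "__main__":
    for name, recs in SAMPLE_PDNS.items():
        print(name, extract_features(name, recs))
    print("ip_churn baseline AUC:", churn_baseline_auc())
```

The behavioural features are the ones a blocklist cannot give you early: a name observed for a day and a half that has already resolved to four addresses looks very different from one that has sat on a single address for over a year, regardless of how the name is spelled. On real data the two-sample baseline here is meaningless; it only shows the AUC computation the abstract's 0.976 refers to, which is the probability that a randomly chosen malicious domain is scored above a randomly chosen benign one.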
Record id: UNSP_4a63ba4a0b669bca24085c4998d46191
OAI identifier: oai:repositorio.unesp.br:11449/208294
Network: UNSP (Repositório Institucional da UNESP), repository id 2946
Contributing institutions: Universidade Estadual Paulista (Unesp); NIC.BR
Published: 2020-11-09
Deposited in repository: 2021-06-25
Version: published version (conference object)
Identifiers: DOI 10.1109/ISI49825.2020.9280552; Handle http://hdl.handle.net/11449/208294; Scopus 2-s2.0-85098951128
Published in: Proceedings - 2020 IEEE International Conference on Intelligence and Security Informatics, ISI 2020
Rights: open access
Indexed in: Scopus