Detection of Malicious Domains Using Passive DNS with XGBoost

Bibliographic details
Main author: Silveira, Marcos Rogerio [UNESP]
Publication date: 2020
Other authors: Cansian, Adriano Mauro [UNESP], Kobayashi, Hugo Koji, IEEE
Document type: Conference paper
Language: eng
Source title: Repositório Institucional da UNESP
Full text: http://hdl.handle.net/11449/210787
Abstract: The main function of the Domain Name System (DNS) is to map domain names to IP addresses and vice versa. This function, combined with the exponential growth of the internet, has made DNS an essential component, and attackers in turn use it for malicious activities such as phishing, fast-flux domains and DGAs (domain generation algorithms), as well as for spreading malware. In this paper we present an approach for the automatic detection of malicious domains using a Passive DNS dataset combined with machine learning techniques. One way to detect such domains is through blocklists, but these lag behind: a domain is only listed after someone reports it and a human analyst reviews the report. The model presented in this work detects malicious domains at an early stage from their Passive DNS traffic. Twelve features were extracted exclusively from DNS traffic. Our model uses the XGBoost supervised machine learning algorithm and obtains an average AUC of 0.976.
Record id: UNSP_8fbd86c3257581d2abfea7e72a45f46b
OAI identifier: oai:repositorio.unesp.br:11449/210787
Repository: Repositório Institucional da UNESP (network acronym UNSP, repository id 2946); OAI-PMH endpoint http://repositorio.unesp.br/oai/request (opendoar:2946)
Author affiliations: UNESP Univ Estadual Paulista, Sao Jose Do Rio Preto, SP, Brazil; NICBR Brazilian Network Informat Ctr, Sao Paulo, Brazil
Funding: Fundação para o Desenvolvimento da UNESP (FUNDUNESP), grant 2764/2018
Citation: 2020 IEEE International Conference on Intelligence and Security Informatics (ISI). New York: IEEE, p. 59-61, 2020.
Identifiers: http://hdl.handle.net/11449/210787; WOS:000651584500012 (Web of Science)
Dates: published 2020-01-01; deposited 2021-06-26T07:27:34Z; record last updated 2021-10-23T22:14:17Z
Type and status: conference object, published version; rights: open access
Publisher: IEEE
Language: eng