Detection of Malicious Domains Using Passive DNS with XGBoost
Autor(a) principal: | |
---|---|
Data de Publicação: | 2020 |
Outros Autores: | , , |
Tipo de documento: | Artigo de conferência |
Idioma: | eng |
Título da fonte: | Repositório Institucional da UNESP |
Texto Completo: | http://hdl.handle.net/11449/210787 |
Resumo: | The Domain Name System (DNS) has as its main function the mapping of domain names to IPs and vice versa. Because of its function combined with the exponential growth of the internet, it has become an essential component. Because of this, attackers use DNS for malicious activities, such as Phishing, Fast-Flux Domains, DGAs, in addition to the spread of malware. In this paper we present an approach for automatic detection of malicious domains using a Passive DNS dataset combined with machine learning techniques. One way to perform the detection of these malicious domains is by blocklists, which can take some time before someone reports and there is human analysis. The model presented in this work is capable of detecting malicious domains at an early stage through its Passive DNS traffic. 12 features were extracted exclusively from DNS traffic. Our model makes use of the XGBoost supervised machine learning algorithm, and obtains an average AUC of 0.976. |
id |
UNSP_8fbd86c3257581d2abfea7e72a45f46b |
---|---|
oai_identifier_str |
oai:repositorio.unesp.br:11449/210787 |
network_acronym_str |
UNSP |
network_name_str |
Repositório Institucional da UNESP |
repository_id_str |
2946 |
spelling |
Detection of Malicious Domains Using Passive DNS with XGBoostThe Domain Name System (DNS) has as its main function the mapping of domain names to IPs and vice versa. Because of its function combined with the exponential growth of the internet, it has become an essential component. Because of this, attackers use DNS for malicious activities, such as Phishing, Fast-Flux Domains, DGAs, in addition to the spread of malware. In this paper we present an approach for automatic detection of malicious domains using a Passive DNS dataset combined with machine learning techniques. One way to perform the detection of these malicious domains is by blocklists, which can take some time before someone reports and there is human analysis. The model presented in this work is capable of detecting malicious domains at an early stage through its Passive DNS traffic. 12 features were extracted exclusively from DNS traffic. Our model makes use of the XGBoost supervised machine learning algorithm, and obtains an average AUC of 0.976.Fundação para o Desenvolvimento da UNESP (FUNDUNESP)UNESP Univ Estadual Paulista, Sao Jose Do Rio Preto, SP, BrazilNICBR Brazilian Network Informat Ctr, Sao Paulo, BrazilUNESP Univ Estadual Paulista, Sao Jose Do Rio Preto, SP, BrazilFUNDUNESP: 2764/2018IeeeUniversidade Estadual Paulista (Unesp)NICBR Brazilian Network Informat CtrSilveira, Marcos Rogerio [UNESP]Cansian, Adriano Mauro [UNESP]Kobayashi, Hugo KojiIEEE2021-06-26T07:27:34Z2021-06-26T07:27:34Z2020-01-01info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/conferenceObject59-612020 Ieee International Conference On Intelligence And Security Informatics (isi). New York: Ieee, p. 59-61, 2020.http://hdl.handle.net/11449/210787WOS:000651584500012Web of Sciencereponame:Repositório Institucional da UNESPinstname:Universidade Estadual Paulista (UNESP)instacron:UNESPeng2020 Ieee International Conference On Intelligence And Security Informatics (isi)info:eu-repo/semantics/openAccess2024-06-28T13:55:19Zoai:repositorio.unesp.br:11449/210787Repositório InstitucionalPUBhttp://repositorio.unesp.br/oai/requestopendoar:29462024-08-05T19:16:07.737411Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP)false |
dc.title.none.fl_str_mv |
Detection of Malicious Domains Using Passive DNS with XGBoost |
title |
Detection of Malicious Domains Using Passive DNS with XGBoost |
spellingShingle |
Detection of Malicious Domains Using Passive DNS with XGBoost Silveira, Marcos Rogerio [UNESP] |
title_short |
Detection of Malicious Domains Using Passive DNS with XGBoost |
title_full |
Detection of Malicious Domains Using Passive DNS with XGBoost |
title_fullStr |
Detection of Malicious Domains Using Passive DNS with XGBoost |
title_full_unstemmed |
Detection of Malicious Domains Using Passive DNS with XGBoost |
title_sort |
Detection of Malicious Domains Using Passive DNS with XGBoost |
author |
Silveira, Marcos Rogerio [UNESP] |
author_facet |
Silveira, Marcos Rogerio [UNESP] Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji IEEE |
author_role |
author |
author2 |
Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji IEEE |
author2_role |
author author author |
dc.contributor.none.fl_str_mv |
Universidade Estadual Paulista (Unesp) NICBR Brazilian Network Informat Ctr |
dc.contributor.author.fl_str_mv |
Silveira, Marcos Rogerio [UNESP] Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji IEEE |
description |
The Domain Name System (DNS) has as its main function the mapping of domain names to IPs and vice versa. Because of its function combined with the exponential growth of the internet, it has become an essential component. Because of this, attackers use DNS for malicious activities, such as Phishing, Fast-Flux Domains, DGAs, in addition to the spread of malware. In this paper we present an approach for automatic detection of malicious domains using a Passive DNS dataset combined with machine learning techniques. One way to perform the detection of these malicious domains is by blocklists, which can take some time before someone reports and there is human analysis. The model presented in this work is capable of detecting malicious domains at an early stage through its Passive DNS traffic. 12 features were extracted exclusively from DNS traffic. Our model makes use of the XGBoost supervised machine learning algorithm, and obtains an average AUC of 0.976. |
publishDate |
2020 |
dc.date.none.fl_str_mv |
2020-01-01 2021-06-26T07:27:34Z 2021-06-26T07:27:34Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/conferenceObject |
format |
conferenceObject |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
2020 Ieee International Conference On Intelligence And Security Informatics (isi). New York: Ieee, p. 59-61, 2020. http://hdl.handle.net/11449/210787 WOS:000651584500012 |
identifier_str_mv |
2020 Ieee International Conference On Intelligence And Security Informatics (isi). New York: Ieee, p. 59-61, 2020. WOS:000651584500012 |
url |
http://hdl.handle.net/11449/210787 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
2020 Ieee International Conference On Intelligence And Security Informatics (isi) |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.format.none.fl_str_mv |
59-61 |
dc.publisher.none.fl_str_mv |
Ieee |
publisher.none.fl_str_mv |
Ieee |
dc.source.none.fl_str_mv |
Web of Science reponame:Repositório Institucional da UNESP instname:Universidade Estadual Paulista (UNESP) instacron:UNESP |
instname_str |
Universidade Estadual Paulista (UNESP) |
instacron_str |
UNESP |
institution |
UNESP |
reponame_str |
Repositório Institucional da UNESP |
collection |
Repositório Institucional da UNESP |
repository.name.fl_str_mv |
Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP) |
repository.mail.fl_str_mv |
|
_version_ |
1808129043552272384 |