XGBoost Applied to Identify Malicious Domains Using Passive DNS
Main author: | |
---|---|
Publication date: | 2020 |
Other authors: | , , |
Document type: | Conference paper |
Language: | eng |
Source title: | Repositório Institucional da UNESP |
Full text: | http://dx.doi.org/10.1109/NCA51143.2020.9306704 http://hdl.handle.net/11449/208337 |
Abstract: | The Domain Name System (DNS) is an essential component for the Internet, as its main function is to map the domain name to Internet Protocol addresses, in which the hosts respond. Because of its importance, attackers use this tool for malicious purposes such as spreading malware, botnets, fast-flux domains, and Domain Generation Algorithms (DGAs). In this paper, we present an approach to automatically detect malicious domains using passive DNS, using the supervised machine learning algorithm Extreme Gradient Boosting (XGBoost). We use 12 features extracted exclusively from DNS traffic. The model's evaluation proved its effectiveness with an average AUC of 0.9763. |
id |
UNSP_913c819c6d150bfa69355791f0047829 |
---|---|
oai_identifier_str |
oai:repositorio.unesp.br:11449/208337 |
network_acronym_str |
UNSP |
network_name_str |
Repositório Institucional da UNESP |
repository_id_str |
2946 |
dc.title.none.fl_str_mv |
XGBoost Applied to Identify Malicious Domains Using Passive DNS |
title |
XGBoost Applied to Identify Malicious Domains Using Passive DNS |
author |
Silveira, Marcos Rogerio [UNESP] |
author_facet |
Silveira, Marcos Rogerio [UNESP] Da Silva, Leandro Marcos [UNESP] Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji |
author_role |
author |
author2 |
Da Silva, Leandro Marcos [UNESP] Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji |
author2_role |
author author author |
dc.contributor.none.fl_str_mv |
Universidade Estadual Paulista (Unesp) Brazilian Network Information Center |
dc.contributor.author.fl_str_mv |
Silveira, Marcos Rogerio [UNESP] Da Silva, Leandro Marcos [UNESP] Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji |
dc.subject.por.fl_str_mv |
Domain Name System machine learning malicious domain passive DNS |
topic |
Domain Name System machine learning malicious domain passive DNS |
publishDate |
2020 |
dc.date.none.fl_str_mv |
2020-11-24 2021-06-25T11:10:33Z 2021-06-25T11:10:33Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/conferenceObject |
format |
conferenceObject |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://dx.doi.org/10.1109/NCA51143.2020.9306704 2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020. http://hdl.handle.net/11449/208337 10.1109/NCA51143.2020.9306704 2-s2.0-85099723851 |
url |
http://dx.doi.org/10.1109/NCA51143.2020.9306704 http://hdl.handle.net/11449/208337 |
identifier_str_mv |
2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020. 10.1109/NCA51143.2020.9306704 2-s2.0-85099723851 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.source.none.fl_str_mv |
Scopus reponame:Repositório Institucional da UNESP instname:Universidade Estadual Paulista (UNESP) instacron:UNESP |
instname_str |
Universidade Estadual Paulista (UNESP) |
instacron_str |
UNESP |
institution |
UNESP |
reponame_str |
Repositório Institucional da UNESP |
collection |
Repositório Institucional da UNESP |
repository.name.fl_str_mv |
Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP) |
repository.mail.fl_str_mv |
|
_version_ |
1808129365895020544 |