XGBoost Applied to Identify Malicious Domains Using Passive DNS

Detalhes bibliográficos
Autor(a) principal: Silveira, Marcos Rogerio [UNESP]
Data de Publicação: 2020
Outros Autores: Da Silva, Leandro Marcos [UNESP], Cansian, Adriano Mauro [UNESP], Kobayashi, Hugo Koji
Tipo de documento: Artigo de conferência
Idioma: eng
Título da fonte: Repositório Institucional da UNESP
Texto Completo: http://dx.doi.org/10.1109/NCA51143.2020.9306704
http://hdl.handle.net/11449/208337
Resumo: The Domain Name System (DNS) is an essential component for the Internet, as its main function is to map the domain name to Internet Protocol addresses, in which the hosts respond. Because of its importance, attackers use this tool for malicious purposes such as spreading malware, botnets, fast-flux domains, and Domain Generation Algorithms (DGAs). In this paper, we present an approach to automatically detect malicious domains using passive DNS, using the supervised machine learning algorithm Extreme Gradient Boosting (XGBoost). We use 12 features extracted exclusively from DNS traffic. The model's evaluation proved its effectiveness with an average AUC of 0.9763.
id UNSP_913c819c6d150bfa69355791f0047829
oai_identifier_str oai:repositorio.unesp.br:11449/208337
network_acronym_str UNSP
network_name_str Repositório Institucional da UNESP
repository_id_str 2946
spelling XGBoost Applied to Identify Malicious Domains Using Passive DNSDomain Name Systemmachine learningmalicious domainpassive DNSThe Domain Name System (DNS) is an essential component for the Internet, as its main function is to map the domain name to Internet Protocol addresses, in which the hosts respond. Because of its importance, attackers use this tool for malicious purposes such as spreading malware, botnets, fast-flux domains, and Domain Generation Algorithms (DGAs). In this paper, we present an approach to automatically detect malicious domains using passive DNS, using the supervised machine learning algorithm Extreme Gradient Boosting (XGBoost). We use 12 features extracted exclusively from DNS traffic. The model's evaluation proved its effectiveness with an average AUC of 0.9763.Universidade Estadual Paulista (UNESP)NICBR Brazilian Network Information CenterUniversidade Estadual Paulista (UNESP)Universidade Estadual Paulista (Unesp)Brazilian Network Information CenterSilveira, Marcos Rogerio [UNESP]Da Silva, Leandro Marcos [UNESP]Cansian, Adriano Mauro [UNESP]Kobayashi, Hugo Koji2021-06-25T11:10:33Z2021-06-25T11:10:33Z2020-11-24info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/conferenceObjecthttp://dx.doi.org/10.1109/NCA51143.2020.93067042020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020.http://hdl.handle.net/11449/20833710.1109/NCA51143.2020.93067042-s2.0-85099723851Scopusreponame:Repositório Institucional da UNESPinstname:Universidade Estadual Paulista (UNESP)instacron:UNESPeng2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020info:eu-repo/semantics/openAccess2024-06-28T13:55:20Zoai:repositorio.unesp.br:11449/208337Repositório InstitucionalPUBhttp://repositorio.unesp.br/oai/requestopendoar:29462024-08-05T21:50:45.250219Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP)false
dc.title.none.fl_str_mv XGBoost Applied to Identify Malicious Domains Using Passive DNS
title XGBoost Applied to Identify Malicious Domains Using Passive DNS
spellingShingle XGBoost Applied to Identify Malicious Domains Using Passive DNS
Silveira, Marcos Rogerio [UNESP]
Domain Name System
machine learning
malicious domain
passive DNS
title_short XGBoost Applied to Identify Malicious Domains Using Passive DNS
title_full XGBoost Applied to Identify Malicious Domains Using Passive DNS
title_fullStr XGBoost Applied to Identify Malicious Domains Using Passive DNS
title_full_unstemmed XGBoost Applied to Identify Malicious Domains Using Passive DNS
title_sort XGBoost Applied to Identify Malicious Domains Using Passive DNS
author Silveira, Marcos Rogerio [UNESP]
author_facet Silveira, Marcos Rogerio [UNESP]
Da Silva, Leandro Marcos [UNESP]
Cansian, Adriano Mauro [UNESP]
Kobayashi, Hugo Koji
author_role author
author2 Da Silva, Leandro Marcos [UNESP]
Cansian, Adriano Mauro [UNESP]
Kobayashi, Hugo Koji
author2_role author
author
author
dc.contributor.none.fl_str_mv Universidade Estadual Paulista (Unesp)
Brazilian Network Information Center
dc.contributor.author.fl_str_mv Silveira, Marcos Rogerio [UNESP]
Da Silva, Leandro Marcos [UNESP]
Cansian, Adriano Mauro [UNESP]
Kobayashi, Hugo Koji
dc.subject.por.fl_str_mv Domain Name System
machine learning
malicious domain
passive DNS
topic Domain Name System
machine learning
malicious domain
passive DNS
description The Domain Name System (DNS) is an essential component for the Internet, as its main function is to map the domain name to Internet Protocol addresses, in which the hosts respond. Because of its importance, attackers use this tool for malicious purposes such as spreading malware, botnets, fast-flux domains, and Domain Generation Algorithms (DGAs). In this paper, we present an approach to automatically detect malicious domains using passive DNS, using the supervised machine learning algorithm Extreme Gradient Boosting (XGBoost). We use 12 features extracted exclusively from DNS traffic. The model's evaluation proved its effectiveness with an average AUC of 0.9763.
publishDate 2020
dc.date.none.fl_str_mv 2020-11-24
2021-06-25T11:10:33Z
2021-06-25T11:10:33Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/conferenceObject
format conferenceObject
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://dx.doi.org/10.1109/NCA51143.2020.9306704
2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020.
http://hdl.handle.net/11449/208337
10.1109/NCA51143.2020.9306704
2-s2.0-85099723851
url http://dx.doi.org/10.1109/NCA51143.2020.9306704
http://hdl.handle.net/11449/208337
identifier_str_mv 2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020.
10.1109/NCA51143.2020.9306704
2-s2.0-85099723851
dc.language.iso.fl_str_mv eng
language eng
dc.relation.none.fl_str_mv 2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.source.none.fl_str_mv Scopus
reponame:Repositório Institucional da UNESP
instname:Universidade Estadual Paulista (UNESP)
instacron:UNESP
instname_str Universidade Estadual Paulista (UNESP)
instacron_str UNESP
institution UNESP
reponame_str Repositório Institucional da UNESP
collection Repositório Institucional da UNESP
repository.name.fl_str_mv Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP)
repository.mail.fl_str_mv
_version_ 1808129365895020544