Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost: (Work in Progress)

Bibliographic details
Main author: Da Silva, Leandro Marcos [UNESP]
Publication date: 2020
Other authors: Silveira, Marcos Rogerio [UNESP], Cansian, Adriano Mauro [UNESP], Kobayashi, Hugo Koji
Document type: Conference paper
Language: eng
Source title: Repositório Institucional da UNESP
Full text: http://dx.doi.org/10.1109/NCA51143.2020.9306705
http://hdl.handle.net/11449/208338
Abstract: The Domain Name System (DNS) protocol provides the mapping between hostnames and Internet Protocol addresses and vice versa. However, attackers use the DNS structure to register malicious domains and engage in malicious activities. One way to mitigate these domains is to use blocklists, but human detection and insertion into lists take considerable time. Thus, there are works aimed at detecting domains in an automated way by applying machine learning techniques. Given this scenario, the present work presents an analysis of blocklists to identify patterns in malicious domains, from which it was concluded that Top Level Domains might be associated with the maliciousness of a domain. After that, a system overview for the multiclass classification of malicious domains using passive DNS is proposed. The system is unique in that it is the first to use a multiclass approach to indicate the threat present in the malicious domain, and it also uses XGBoost and techniques to balance the data.
id UNSP_bac31f1637fc8f934582611e1c7bddd3
oai_identifier_str oai:repositorio.unesp.br:11449/208338
network_acronym_str UNSP
network_name_str Repositório Institucional da UNESP
repository_id_str 2946
dc.contributor.none.fl_str_mv Universidade Estadual Paulista (Unesp)
Brazilian Network Information Center
dc.subject.por.fl_str_mv Domain Name System
Malicious Domain
Multiclass Classification
Passive DNS
XGBoost
dc.date.none.fl_str_mv 2020-11-24
2021-06-25T11:10:33Z
2021-06-25T11:10:33Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/conferenceObject
format conferenceObject
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://dx.doi.org/10.1109/NCA51143.2020.9306705
2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020.
http://hdl.handle.net/11449/208338
10.1109/NCA51143.2020.9306705
2-s2.0-85099725248
dc.relation.none.fl_str_mv 2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.source.none.fl_str_mv Scopus
reponame:Repositório Institucional da UNESP
instname:Universidade Estadual Paulista (UNESP)
instacron:UNESP