Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost: (Work in Progress)
Autor(a) principal: | |
---|---|
Data de Publicação: | 2020 |
Outros Autores: | , , |
Tipo de documento: | Artigo de conferência |
Idioma: | eng |
Título da fonte: | Repositório Institucional da UNESP |
Texto Completo: | http://dx.doi.org/10.1109/NCA51143.2020.9306705 http://hdl.handle.net/11449/208338 |
Resumo: | The Domain Name System (DNS) protocol provides the mapping between hostnames and Internet Protocol addresses and vice versa. However, attackers use the DNS structure to register malicious domains to engage in malicious activities. One way to mitigate these domains is to use blocklists, but there is considerable time in human detection and insertion into lists. Thus, there are works aimed at detecting domains in an automated way applying machine learning techniques. Given this scenario, the present work presents an analysis of blocklists to identify patterns in malicious domains, where it was concluded that Top Level Domains might be associated with the maliciousness of a domain. After that, a system overview for the multiclass classification of malicious domains using passive DNS is proposed. The system has an exclusive character, because it is the first to use a multiclass approach to indicate the threat present in the malicious domain, and yet, it uses XGBoost and techniques to balance the data. |
id |
UNSP_bac31f1637fc8f934582611e1c7bddd3 |
---|---|
oai_identifier_str |
oai:repositorio.unesp.br:11449/208338 |
network_acronym_str |
UNSP |
network_name_str |
Repositório Institucional da UNESP |
repository_id_str |
2946 |
spelling |
Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost: (Work in Progress)Domain Name SystemMalicious DomainMulticlass ClassificationPassive DNSXGBoostThe Domain Name System (DNS) protocol provides the mapping between hostnames and Internet Protocol addresses and vice versa. However, attackers use the DNS structure to register malicious domains to engage in malicious activities. One way to mitigate these domains is to use blocklists, but there is considerable time in human detection and insertion into lists. Thus, there are works aimed at detecting domains in an automated way applying machine learning techniques. Given this scenario, the present work presents an analysis of blocklists to identify patterns in malicious domains, where it was concluded that Top Level Domains might be associated with the maliciousness of a domain. After that, a system overview for the multiclass classification of malicious domains using passive DNS is proposed. The system has an exclusive character, because it is the first to use a multiclass approach to indicate the threat present in the malicious domain, and yet, it uses XGBoost and techniques to balance the data.Sao Paulo State University (UNESP)NICBR Brazilian Network Information CenterSao Paulo State University (UNESP)Universidade Estadual Paulista (Unesp)Brazilian Network Information CenterDa Silva, Leandro Marcos [UNESP]Silveira, Marcos Rogerio [UNESP]Cansian, Adriano Mauro [UNESP]Kobayashi, Hugo Koji2021-06-25T11:10:33Z2021-06-25T11:10:33Z2020-11-24info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/conferenceObjecthttp://dx.doi.org/10.1109/NCA51143.2020.93067052020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020.http://hdl.handle.net/11449/20833810.1109/NCA51143.2020.93067052-s2.0-85099725248Scopusreponame:Repositório Institucional da UNESPinstname:Universidade Estadual Paulista (UNESP)instacron:UNESPeng2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020info:eu-repo/semantics/openAccess2024-06-28T13:55:20Zoai:repositorio.unesp.br:11449/208338Repositório InstitucionalPUBhttp://repositorio.unesp.br/oai/requestopendoar:29462024-08-05T22:54:40.788200Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP)false |
dc.title.none.fl_str_mv |
Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost: (Work in Progress) |
title |
Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost: (Work in Progress) |
spellingShingle |
Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost: (Work in Progress) Da Silva, Leandro Marcos [UNESP] Domain Name System Malicious Domain Multiclass Classification Passive DNS XGBoost |
title_short |
Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost: (Work in Progress) |
title_full |
Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost: (Work in Progress) |
title_fullStr |
Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost: (Work in Progress) |
title_full_unstemmed |
Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost: (Work in Progress) |
title_sort |
Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost: (Work in Progress) |
author |
Da Silva, Leandro Marcos [UNESP] |
author_facet |
Da Silva, Leandro Marcos [UNESP] Silveira, Marcos Rogerio [UNESP] Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji |
author_role |
author |
author2 |
Silveira, Marcos Rogerio [UNESP] Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji |
author2_role |
author author author |
dc.contributor.none.fl_str_mv |
Universidade Estadual Paulista (Unesp) Brazilian Network Information Center |
dc.contributor.author.fl_str_mv |
Da Silva, Leandro Marcos [UNESP] Silveira, Marcos Rogerio [UNESP] Cansian, Adriano Mauro [UNESP] Kobayashi, Hugo Koji |
dc.subject.por.fl_str_mv |
Domain Name System Malicious Domain Multiclass Classification Passive DNS XGBoost |
topic |
Domain Name System Malicious Domain Multiclass Classification Passive DNS XGBoost |
description |
The Domain Name System (DNS) protocol provides the mapping between hostnames and Internet Protocol addresses and vice versa. However, attackers use the DNS structure to register malicious domains to engage in malicious activities. One way to mitigate these domains is to use blocklists, but there is considerable time in human detection and insertion into lists. Thus, there are works aimed at detecting domains in an automated way applying machine learning techniques. Given this scenario, the present work presents an analysis of blocklists to identify patterns in malicious domains, where it was concluded that Top Level Domains might be associated with the maliciousness of a domain. After that, a system overview for the multiclass classification of malicious domains using passive DNS is proposed. The system has an exclusive character, because it is the first to use a multiclass approach to indicate the threat present in the malicious domain, and yet, it uses XGBoost and techniques to balance the data. |
publishDate |
2020 |
dc.date.none.fl_str_mv |
2020-11-24 2021-06-25T11:10:33Z 2021-06-25T11:10:33Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/conferenceObject |
format |
conferenceObject |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://dx.doi.org/10.1109/NCA51143.2020.9306705 2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020. http://hdl.handle.net/11449/208338 10.1109/NCA51143.2020.9306705 2-s2.0-85099725248 |
url |
http://dx.doi.org/10.1109/NCA51143.2020.9306705 http://hdl.handle.net/11449/208338 |
identifier_str_mv |
2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020. 10.1109/NCA51143.2020.9306705 2-s2.0-85099725248 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.relation.none.fl_str_mv |
2020 IEEE 19th International Symposium on Network Computing and Applications, NCA 2020 |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/openAccess |
eu_rights_str_mv |
openAccess |
dc.source.none.fl_str_mv |
Scopus reponame:Repositório Institucional da UNESP instname:Universidade Estadual Paulista (UNESP) instacron:UNESP |
instname_str |
Universidade Estadual Paulista (UNESP) |
instacron_str |
UNESP |
institution |
UNESP |
reponame_str |
Repositório Institucional da UNESP |
collection |
Repositório Institucional da UNESP |
repository.name.fl_str_mv |
Repositório Institucional da UNESP - Universidade Estadual Paulista (UNESP) |
repository.mail.fl_str_mv |
|
_version_ |
1808129472592871424 |