XGBoost Applied to Identify Malicious Domains Using Passive DNS

Bibliographic details
Main author: Silveira, Marcos Rogerio [UNESP]
Publication date: 2020
Other authors: Silva, Leandro Marcos da [UNESP], Cansian, Adriano Mauro [UNESP], Kobayashi, Hugo Koji, GkoulalasDivanis, A., Marchetti, M., Avresky, D. R.
Document type: Conference paper
Language: eng
Source title: Repositório Institucional da UNESP
Full text: http://hdl.handle.net/11449/218874
Abstract: The Domain Name System (DNS) is an essential component for the Internet, as its main function is to map the domain name to Internet Protocol addresses, in which the hosts respond. Because of its importance, attackers use this tool for malicious purposes such as spreading malware, botnets, fast-flux domains, and Domain Generation Algorithms (DGAs). In this paper, we present an approach to automatically detect malicious domains using passive DNS, using the supervised machine learning algorithm Extreme Gradient Boosting (XGBoost). We use 12 features extracted exclusively from DNS traffic. The model's evaluation proved its effectiveness with an average AUC of 0.9763.
id UNSP_eab6a193a57a2b6130b0299a6520dd2f
oai_identifier_str oai:repositorio.unesp.br:11449/218874
network_acronym_str UNSP
network_name_str Repositório Institucional da UNESP
repository_id_str 2946
spelling Fundação para o Desenvolvimento da UNESP (FUNDUNESP)
Univ Estadual Paulista UNESP, Sao Paulo, Brazil
Brazilian Network Informat Ctr NICBR, Sao Paulo, Brazil
FUNDUNESP: 2764/2018
dc.contributor.none.fl_str_mv Universidade Estadual Paulista (UNESP)
Brazilian Network Informat Ctr NICBR
dc.contributor.author.fl_str_mv Silveira, Marcos Rogerio [UNESP]
Silva, Leandro Marcos da [UNESP]
Cansian, Adriano Mauro [UNESP]
Kobayashi, Hugo Koji
GkoulalasDivanis, A.
Marchetti, M.
Avresky, D. R.
dc.subject.por.fl_str_mv Domain Name System
malicious domain
passive DNS
machine learning
publishDate 2020
dc.date.none.fl_str_mv 2020-01-01
2022-04-28T17:30:19Z
2022-04-28T17:30:19Z
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/conferenceObject
dc.identifier.uri.fl_str_mv 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA). New York: IEEE, 4 p., 2020.
2643-7910
http://hdl.handle.net/11449/218874
WOS:000661912700045
dc.language.iso.fl_str_mv eng
dc.relation.none.fl_str_mv 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA)
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
dc.format.none.fl_str_mv 4
dc.publisher.none.fl_str_mv IEEE
dc.source.none.fl_str_mv Web of Science
reponame:Repositório Institucional da UNESP
instname:Universidade Estadual Paulista (UNESP)
instacron:UNESP