Clustering Malicious DNS Queries for Blacklist-Based Detection

Clustering Malicious DNS Queries for Blacklist-Based Detection

Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEICE Transactions on Information and Systems 2019/07/01, Vol.E102.D(7), pp.1404-1407
Hauptverfasser: SATOH, Akihiro, NAKAMURA, Yutaka, NOBAYASHI, Daiki, SASAI, Kazuto, KITAGATA, Gen, IKENAGA, Takeshi
Format: Artikel
Sprache:eng
Schlagworte:
blacklist
Blacklisting
Classification
Clustering
Cybersecurity
DNS query
machine learning
Malware
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide the sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.
ISSN:0916-8532
1745-1361
DOI:10.1587/transinf.2018EDL8211