Proactive detection of algorithmically generated malicious domains

Jeffrey Spaulding; Jeman Park; Joongheon Kim; Aziz Mohaisen

doi:10.1109/ICOIN.2018.8343077

Proactive detection of algorithmically generated malicious domains

Jeffrey Spaulding, Jeman Park, Joongheon Kim, Aziz Mohaisen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Citations (Scopus)

Abstract

Using an intrinsic feature of malicious domain name queries prior to their registration (perhaps due to clock drift), we devise a difference-based lightweight feature for malicious domain name detection. Using NXDomain query and response of a popular malware, we establish the effectiveness of our detector with 99% accuracy, and as early as more than 48 hours before they are registered. Our technique serves as a tool of detection where other techniques relying on entropy or domain generating algorithms reversing are impractical.

Original language	English
Title of host publication	32nd International Conference on Information Networking, ICOIN 2018
Publisher	IEEE Computer Society
Pages	21-24
Number of pages	4
ISBN (Electronic)	9781538622896
DOIs	https://doi.org/10.1109/ICOIN.2018.8343077
Publication status	Published - 19 Apr 2018
Event	32nd International Conference on Information Networking, ICOIN 2018 - Chiang Mai, Thailand Duration: 10 Jan 2018 → 12 Jan 2018

Publication series

Name	International Conference on Information Networking
Volume	2018-January
ISSN (Print)	1976-7684

Conference

Conference	32nd International Conference on Information Networking, ICOIN 2018
Country/Territory	Thailand
City	Chiang Mai
Period	10/01/18 → 12/01/18

Bibliographical note

Publisher Copyright:
© 2018 IEEE.

Keywords

Classification
DNS
Machine Learning

Access to Document

10.1109/ICOIN.2018.8343077

Cite this

@inproceedings{942e3c531b41440abcc8c08eff0cb856,

title = "Proactive detection of algorithmically generated malicious domains",

abstract = "Using an intrinsic feature of malicious domain name queries prior to their registration (perhaps due to clock drift), we devise a difference-based lightweight feature for malicious domain name detection. Using NXDomain query and response of a popular malware, we establish the effectiveness of our detector with 99% accuracy, and as early as more than 48 hours before they are registered. Our technique serves as a tool of detection where other techniques relying on entropy or domain generating algorithms reversing are impractical.",

keywords = "Classification, DNS, Machine Learning",

author = "Jeffrey Spaulding and Jeman Park and Joongheon Kim and Aziz Mohaisen",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 32nd International Conference on Information Networking, ICOIN 2018 ; Conference date: 10-01-2018 Through 12-01-2018",

year = "2018",

month = apr,

day = "19",

doi = "10.1109/ICOIN.2018.8343077",

language = "English",

series = "International Conference on Information Networking",

publisher = "IEEE Computer Society",

pages = "21--24",

booktitle = "32nd International Conference on Information Networking, ICOIN 2018",

address = "United States",

}

Spaulding, J, Park, J, Kim, J & Mohaisen, A 2018, Proactive detection of algorithmically generated malicious domains. in 32nd International Conference on Information Networking, ICOIN 2018. International Conference on Information Networking, vol. 2018-January, IEEE Computer Society, pp. 21-24, 32nd International Conference on Information Networking, ICOIN 2018, Chiang Mai, Thailand, 10/01/18. https://doi.org/10.1109/ICOIN.2018.8343077

Proactive detection of algorithmically generated malicious domains. / Spaulding, Jeffrey; Park, Jeman; Kim, Joongheon et al.
32nd International Conference on Information Networking, ICOIN 2018. IEEE Computer Society, 2018. p. 21-24 (International Conference on Information Networking; Vol. 2018-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Proactive detection of algorithmically generated malicious domains

AU - Spaulding, Jeffrey

AU - Park, Jeman

AU - Kim, Joongheon

AU - Mohaisen, Aziz

PY - 2018/4/19

Y1 - 2018/4/19

N2 - Using an intrinsic feature of malicious domain name queries prior to their registration (perhaps due to clock drift), we devise a difference-based lightweight feature for malicious domain name detection. Using NXDomain query and response of a popular malware, we establish the effectiveness of our detector with 99% accuracy, and as early as more than 48 hours before they are registered. Our technique serves as a tool of detection where other techniques relying on entropy or domain generating algorithms reversing are impractical.

AB - Using an intrinsic feature of malicious domain name queries prior to their registration (perhaps due to clock drift), we devise a difference-based lightweight feature for malicious domain name detection. Using NXDomain query and response of a popular malware, we establish the effectiveness of our detector with 99% accuracy, and as early as more than 48 hours before they are registered. Our technique serves as a tool of detection where other techniques relying on entropy or domain generating algorithms reversing are impractical.

KW - Classification

KW - DNS

KW - Machine Learning

UR - http://www.scopus.com/inward/record.url?scp=85047014439&partnerID=8YFLogxK

U2 - 10.1109/ICOIN.2018.8343077

DO - 10.1109/ICOIN.2018.8343077

M3 - Conference contribution

AN - SCOPUS:85047014439

T3 - International Conference on Information Networking

SP - 21

EP - 24

BT - 32nd International Conference on Information Networking, ICOIN 2018

PB - IEEE Computer Society

T2 - 32nd International Conference on Information Networking, ICOIN 2018

Y2 - 10 January 2018 through 12 January 2018

ER -

Proactive detection of algorithmically generated malicious domains

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this