Building a Dynamic Reputation System for DNS
Authors
Abstract
The Domain Name System (DNS) is an essential protocol used by both legitimate Internet applications and cyber attacks. For example, botnets rely on DNS to support agile command and control infrastructures. An effective way to disrupt these attacks is to place malicious domains on a “blocklist” (or “blacklist”) or to add a filtering rule in a firewall or network intrusion detection system. To evade such security countermeasures, attackers have used DNS agility, e.g., by using new domains daily to evade static blacklists and firewalls. In this paper we propose Notos, a dynamic reputation system for DNS. The premise of this system is that malicious, agile use of DNS has unique characteristics and can be distinguished from legitimate, professionally provisioned DNS services. Notos uses passive DNS query data and analyzes the network and zone features of domains. It builds models of known legitimate domains and malicious domains, and uses these models to compute a reputation score for a new domain indicative of whether the domain is malicious or legitimate. We have evaluated Notos in a large ISP’s network with DNS traffic from 1.4 million users. Our results show that Notos can identify malicious domains with high accuracy (true positive rate of 96.8%) and low false positive rate (0.38%), and can identify these domains weeks or even months before they appear in public blacklists.
Similar resources
Efficacy of Dynamic Neuromuscular Stabilization Breathing Exercises on Chest Mobility, Trunk Muscles, and Thoracic Kyphosis: A Randomized Controlled 6-Week Trial
Objectives: Dynamic Neuromuscular Stabilization (DNS) approach evaluates and activates the spinal stabilizers to optimize the performance of posture and respiratory system. This study investigated the effects of DNS breathing exercises on upper and lower chest wall mobility (UCM and LCM), trunk extensor endurance, and thoracic kyphosis in a group of sedentary students with poor posture. Method...
Effect of Dynamic Neuromuscular Stabilization Breathing Exercises on Some Spirometry Indices of Sedentary Students With Poor Posture
Purpose: Dynamic Neuromuscular Stabilization (DNS) approach is developed based on neurodevelopmental kinesiology and reflex-mediated core stabilization concepts. But the outcomes of this approach remain unclear. So changes in some spirometry indices in response to DNS breathing exercises in sedentary students with poor posture will be explored. Methods: In this single-group pretest-posttest st...
Mentor: Positive DNS Reputation to Skim-Off Benign Domains in Botnet C&C Blacklists
The Domain Name System (DNS) is an essential infrastructure service on the internet. It provides a worldwide mapping between easily memorizable domain names and numerical IP addresses. Today, legitimate users and malicious applications use this service to locate content on the internet. Yet botnets increasingly rely on DNS to connect to their command and control servers. A widespread approach t...
Detecting Malware Domains at the Upper DNS Hierarchy
In recent years Internet miscreants have been leveraging the DNS to build malicious network infrastructures for malware command and control. In this paper we propose a novel detection system called Kopis for detecting malware-related domain names. Kopis passively monitors DNS traffic at the upper levels of the DNS hierarchy, and is able to accurately detect malware domains by analyzing global D...
Windows 2000: A Threat to Internet Diversity and Open Standards?
Recently, Microsoft launched Windows 2000 (formerly known as NT 5.0) with huge fanfare. A late arrival and significant new features and benefits don't differentiate Windows 2000 from most large software development projects or new operating system releases. The trait that sets Windows 2000 apart is its focus on the Internet. Microsoft conceived Windows 2000 as the operating system for the Inte...