Extending Black Domain Name List by Using Co-occurrence Relation between DNS Queries

نویسندگان

  • Kazumichi Sato
  • Keisuke Ishibashi
  • Tsuyoshi Toyono
  • Nobuhisa Miyake
چکیده

The Botnet threats, such as server attacks or sending of spam email, have been increasing. A method of using a blacklist of domain names has been proposed to find infected hosts. However, not all infected hosts may be found by this method because a blacklist does not cover all black domain names. In this paper, we present a method for finding unknown black domain names and extend the blacklist by using DNS traffic data and the original blacklist of known black domain names. We use co-occurrence relation of two different domain names to find unknown black domain names and extend a blacklist. If a domain name co-occurs with a known black name frequently, we assume that the domain name is also black. We evaluate the proposed method by cross validation, about 91 % of domain names that are in the validation list can be found as top 1 %.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

DNS Usage Mining Based on Clustering Analysis of Co-occurrence Patterns: Methods and Applications

The principal goal of DNS usage mining is the discovery and analysis of patterns in the query behavior of DNS users. In this paper, we develop a unified framework for DNS usage mining based on Clustering analysis of cooccurrence data derived from DNS server query data. Through transforming the raw query data into co-occurrence matrix, some clustering approaches and probabilistic inferences can ...

متن کامل

RFC 6763 DNS - Based Service Discovery

This document specifies how DNS resource records are named and structured to facilitate service discovery. Given a type of service that a client is looking for, and a domain in which the client is looking for that service, this mechanism allows clients to discover a list of named instances of that desired service, using standard DNS queries. This mechanism is referred to as DNS-based Service Di...

متن کامل

Engineering Task Force ( IETF ) S . Cheshire

This document specifies how DNS resource records are named and structured to facilitate service discovery. Given a type of service that a client is looking for, and a domain in which the client is looking for that service, this mechanism allows clients to discover a list of named instances of that desired service, using standard DNS queries. This mechanism is referred to as DNS-based Service Di...

متن کامل

Anonymous Resolution of DNS Queries

The use of the DNS as the underlying technology of new resolution name services can lead to privacy violations. The exchange of data between servers and clients flows without protection. Such an information can be captured by service providers and eventually sold with malicious purposes (i.e., spamming, phishing, etc.). A motivating example is the use of DNS on VoIP services for the translation...

متن کامل

PPDNS: Privacy-Preserving Domain Name System

In current DNS environment, each DNS query generated by a user reveals the origin and target of that query. Over time, a user’s browsing behavior and target domain name’s popularity might be exposed to entities with little or no trust. This paper presents the design and evaluation of a PrivacyPreserving Domain Name System (PPDNS), which prevents privacy leaks during domain name resolution with ...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IEICE Transactions

دوره 95-B  شماره 

صفحات  -

تاریخ انتشار 2010