Extending Black Domain Name List by Using Co-occurrence Relation between DNS Queries
نویسندگان
چکیده
The Botnet threats, such as server attacks or sending of spam email, have been increasing. A method of using a blacklist of domain names has been proposed to find infected hosts. However, not all infected hosts may be found by this method because a blacklist does not cover all black domain names. In this paper, we present a method for finding unknown black domain names and extend the blacklist by using DNS traffic data and the original blacklist of known black domain names. We use co-occurrence relation of two different domain names to find unknown black domain names and extend a blacklist. If a domain name co-occurs with a known black name frequently, we assume that the domain name is also black. We evaluate the proposed method by cross validation, about 91 % of domain names that are in the validation list can be found as top 1 %.
منابع مشابه
DNS Usage Mining Based on Clustering Analysis of Co-occurrence Patterns: Methods and Applications
The principal goal of DNS usage mining is the discovery and analysis of patterns in the query behavior of DNS users. In this paper, we develop a unified framework for DNS usage mining based on Clustering analysis of cooccurrence data derived from DNS server query data. Through transforming the raw query data into co-occurrence matrix, some clustering approaches and probabilistic inferences can ...
متن کاملRFC 6763 DNS - Based Service Discovery
This document specifies how DNS resource records are named and structured to facilitate service discovery. Given a type of service that a client is looking for, and a domain in which the client is looking for that service, this mechanism allows clients to discover a list of named instances of that desired service, using standard DNS queries. This mechanism is referred to as DNS-based Service Di...
متن کاملEngineering Task Force ( IETF ) S . Cheshire
This document specifies how DNS resource records are named and structured to facilitate service discovery. Given a type of service that a client is looking for, and a domain in which the client is looking for that service, this mechanism allows clients to discover a list of named instances of that desired service, using standard DNS queries. This mechanism is referred to as DNS-based Service Di...
متن کاملAnonymous Resolution of DNS Queries
The use of the DNS as the underlying technology of new resolution name services can lead to privacy violations. The exchange of data between servers and clients flows without protection. Such an information can be captured by service providers and eventually sold with malicious purposes (i.e., spamming, phishing, etc.). A motivating example is the use of DNS on VoIP services for the translation...
متن کاملPPDNS: Privacy-Preserving Domain Name System
In current DNS environment, each DNS query generated by a user reveals the origin and target of that query. Over time, a user’s browsing behavior and target domain name’s popularity might be exposed to entities with little or no trust. This paper presents the design and evaluation of a PrivacyPreserving Domain Name System (PPDNS), which prevents privacy leaks during domain name resolution with ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IEICE Transactions
دوره 95-B شماره
صفحات -
تاریخ انتشار 2010