Defending Internet Of Things Against Malicious Domain Names Using D-Fens

Keywords

Cybersecurity; DNS security; Machine learning; Neural networks

Abstract

Malicious domain names have long been pervasive in the global DNS (Domain Name System) infrastructure and lend themselves to undesirable activities such as phishing or even DNS-based attacks like distributed denial-of-service (DDoS) and DNS rebinding. With the rise and explosive growth of the Internet of Things (IoT), adversaries are exploiting these devices, which typically lack security measures, to launch DNS-based attacks through malicious domain names. Typical countermeasures against such malicious domain names employ blacklists and whitelists to determine which domain names should be resolved. While these domain lists offer fast lookup times, they require carefully curated and up-to-date information, which tends to fall short of detecting newly registered malicious domain names. In this work, we present a system called D-FENS (DNS Filtering & Extraction Network System), which works in tandem with blacklists and features a live DNS server and binary classifier to accurately predict unreported malicious domain names. The D-FENS classifier model operates at the character level and leverages deep learning architectures such as Convolutional Neural Networks (CNN) and Long Short-Term Memory networks (LSTM) for real-time classification, which forgoes the need for the feature engineering typically associated with traditional machine learning approaches. Sourcing from free and open datasets, we evaluate our system and achieve a 0.95 area under the receiver operating characteristic curve for binary classification. By accurately predicting unreported malicious domain names in real time, D-FENS prevents Internet-connected systems from unknowingly connecting to potentially malicious domain names.

Publication Date

12-6-2018

Publication Title

Proceedings - 2018 3rd ACM/IEEE Symposium on Edge Computing, SEC 2018

Number of Pages

387-392

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1109/SEC.2018.00051

Scopus ID

85060257752 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85060257752

This document is currently not available here.
