Proactive Detection Of Algorithmically Generated Malicious Domains
Keywords
Classification; DNS; Machine Learning
Abstract
Using an intrinsic feature of malicious domain name queries prior to the domains' registration (perhaps due to clock drift), we devise a lightweight, difference-based feature for malicious domain name detection. Using the NXDomain queries and responses of a popular malware, we establish the effectiveness of our detector with 99% accuracy, and as early as more than 48 hours before the domains are registered. Our technique serves as a detection tool where other techniques that rely on entropy or on reversing domain generation algorithms are impractical.
Publication Date
4-19-2018
Publication Title
International Conference on Information Networking
Volume
2018-January
Number of Pages
21-24
Document Type
Article; Proceedings Paper
Personal Identifier
scopus
DOI Link
https://doi.org/10.1109/ICOIN.2018.8343077
Copyright Status
Unknown
Scopus ID
85047014439 (Scopus)
Source API URL
https://api.elsevier.com/content/abstract/scopus_id/85047014439
STARS Citation
Spaulding, Jeffrey; Park, Jeman; Kim, Joongheon; and Mohaisen, Aziz, "Proactive Detection Of Algorithmically Generated Malicious Domains" (2018). Scopus Export 2015-2019. 9503.
https://stars.library.ucf.edu/scopus2015/9503