Unsupervised Clustering for Identification of Malicious Domain Campaigns

Authors: Michael Weber, Jun Wang, Yuchen Zhou

DOI: 10.1145/3203422.3203423

Abstract: New malicious domain campaigns often include large sets of domains registered in bulk and deployed simultaneously. Early identification of these can be accomplished with distance functions or regular expressions of domains, but these methods may also miss some campaign domains. Other studies have used time-of-registration features to help identify […] This paper explores the use of unsupervised clustering based on passive DNS records and other inherent network information that may be in part resistant to detection by name analysis alone. We found that using this method, we can achieve up to 2.1x expansion from a seed of known […] with less than 4% false positives. […] could be a useful tool to augment […] identifying […]

References (10)
Roberto Perdisci, David Dagon, Manos Antonakakis, Nick Feamster, Wenke Lee. Building a dynamic reputation system for DNS. USENIX Security Symposium, pp. 18-18 (2010).
Mark Felegyhazi, Vern Paxson, Christian Kreibich. On the potential of proactive domain blacklisting. USENIX Conference on Large Scale Exploits and Emergent Threats, pp. 6-6 (2010).
Leyla Bilge, Engin Kirda, Christopher Kruegel, Marco Balduzzi. EXPOSURE: Finding malicious domains using passive DNS analysis. Network and Distributed System Security Symposium (2011).
Shuang Hao, Matthew Thomas, Vern Paxson, Nick Feamster, Christian Kreibich, Chris Grier, Scott Hollenbeck. Understanding the domain registration behavior of spammers. Internet Measurement Conference, pp. 63-76 (2013). DOI: 10.1145/2504730.2504753
Fabian Pedregosa, Gaël Varoquaux, Alexandre Gramfort, Vincent Michel, Bertrand Thirion, Olivier Grisel, Mathieu Blondel, Andreas Müller, Joel Nothman, Gilles Louppe, Peter Prettenhofer, Ron Weiss, Vincent Dubourg, Jake Vanderplas, Alexandre Passos, David Cournapeau, Matthieu Brucher, Matthieu Perrot, Édouard Duchesnay. Scikit-learn: Machine Learning in Python. Journal of Machine Learning Research, vol. 12, pp. 2825-2830 (2011).
Liang Shi, Derek Lin, Chunsheng Victor Fang, Yan Zhai. A Hybrid Learning from Multi-behavior for Malicious Domain Detection on Enterprise Network. International Conference on Data Mining, pp. 987-996 (2015). DOI: 10.1109/ICDMW.2015.38
Issa Khalil, Ting Yu, Bei Guan. Discovering Malicious Domains through Passive DNS Data Graph Analysis. Computer and Communications Security, pp. 663-674 (2016). DOI: 10.1145/2897845.2897877
Roberto Perdisci, David Dagon, Manos Antonakakis, Nikolaos Vasiloglou, Wenke Lee. Detecting malware domains at the upper DNS hierarchy. USENIX Security Symposium, pp. 27-27 (2011).
Shuang Hao, Alex Kantchelian, Brad Miller, Vern Paxson, Nick Feamster. PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration. Computer and Communications Security, pp. 1568-1579 (2016). DOI: 10.1145/2976749.2978317
Daiping Liu, Zhou Li, Kun Du, Haining Wang, Baojun Liu, Haixin Duan. Don't Let One Rotten Apple Spoil the Whole Barrel: Towards Automated Detection of Shadowed Domains. Computer and Communications Security, pp. 537-552 (2017). DOI: 10.1145/3133956.3134049