Clustering Malicious DNS Queries for Blacklist-Based Detection
- SATOH Akihiro, Kyushu Institute of Technology
- NAKAMURA Yutaka, Kyushu Institute of Technology
- NOBAYASHI Daiki, Kyushu Institute of Technology
- SASAI Kazuto, Ibaraki University
- KITAGATA Gen, Tohoku University
- IKENAGA Takeshi, Kyushu Institute of Technology
Abstract
Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.
Published in
- IEICE Transactions on Information and Systems E102.D (7), 1404-1407, 2019-07-01
- The Institute of Electronics, Information and Communication Engineers
Details
- CRID: 1390001288151024256
- NII Article ID: 130007671324
- NII Bibliographic ID: AA10826272
- ISSN: 17451361, 09168532
- HANDLE: 10228/00007647
- Text language code: en
- Data source type: JaLC, IRDB, Crossref, CiNii Articles, KAKEN
- Abstract license flag: Use not permitted