Clustering Malicious DNS Queries for Blacklist-Based Detection
-
- SATOH Akihiro
- Kyushu Institute of Technology
-
- NAKAMURA Yutaka
- Kyushu Institute of Technology
-
- NOBAYASHI Daiki
- Kyushu Institute of Technology
-
- SASAI Kazuto
- Ibaraki University
-
- KITAGATA Gen
- Tohoku University
-
- IKENAGA Takeshi
- Kyushu Institute of Technology
Search this article
Abstract
<p>Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide the sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.</p>
Journal
-
- IEICE Transactions on Information and Systems
-
IEICE Transactions on Information and Systems E102.D (7), 1404-1407, 2019-07-01
The Institute of Electronics, Information and Communication Engineers
- Tweet
Keywords
Details 詳細情報について
-
- CRID
- 1390001288151024256
-
- NII Article ID
- 130007671324
-
- NII Book ID
- AA10826272
-
- ISSN
- 17451361
- 09168532
-
- HANDLE
- 10228/00007647
-
- Text Lang
- en
-
- Data Source
-
- JaLC
- IRDB
- Crossref
- CiNii Articles
- KAKEN
-
- Abstract License Flag
- Disallowed