Malicious Domain Names Detection Algorithm Based on Lexical Analysis and Feature Quantification

Zhao, Hong; Chang, Zhaobin; Wang, Weijie; Zeng, Xiangyan

doi:10.1109/access.2019.2940554

Cited by 19 publications

(4 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A path-based mechanism was used to derive a malicious score for each domain. A different approach proposed in [46] calculated the reputation score based on domain name lexical features.…”

Section: ) Algorithmic Methodsmentioning

confidence: 99%

IMDoC: Identification of Malicious Domain Campaigns via DNS and Communicating Files

Lazar

Cohen

Freund³

et al. 2021

IEEE Access

View full text Add to dashboard Cite

Cyber attacks have become more sophisticated and frequent over the years. Detecting the components operated during a cyber attack and relating them to a specific threat actor is one of the main challenges facing cyber security systems. Reliable detection of malicious components and identification of the threat actor is imperative to mitigate security issues by Security Operations Center (SOC) analysts. The Domain Name System (DNS) plays a significant role in most cyber attacks observed nowadays in that domains act as a Command and Control (C&C) in coordinated bot network attacks or impersonate legitimate websites in phishing attacks. Thus, DNS analysis has become a popular tool for malicious domain identification. In this collaborative research associating Ben-Gurion University and IBM, we develop a novel algorithm to detect malicious domains and relate them to a specific malware campaign in a large-scale real-data DNS traffic environment, dubbed Identification of Malicious Domain Campaigns (IMDoC) algorithm. Its novelty resides in developing a framework that combines the existence of communicating files for the observed domains and their DNS request patterns in a real production environment. The analysis was conducted on real data from Quad9 (9.9.9.9) DNS recursive resolvers combined with malicious communicating files extracted from VirusTotal, and confirms the strong performance of the algorithm on a real large-scale data production environment. INDEX TERMS Cyber security, domain name system (DNS), clustering methods, detection algorithms.

show abstract

“…A path-based mechanism was used to derive a malicious score for each domain. A different approach proposed in [46] calculated the reputation score based on domain name lexical features.…”

Section: ) Algorithmic Methodsmentioning

confidence: 99%

IMDoC: Identification of Malicious Domain Campaigns via DNS and Communicating Files

Lazar

Cohen

Freund³

et al. 2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…23 lexical characteristics are extracted from the URL, and the Random Forest algorithm achieves 92% accuracy. Lexical analysis and feature quantification are used by Hong et al [7] to identify harmful domain names. For successful and precise detection, the approach consists of two stages.…”

Section: Related Workmentioning

confidence: 99%

Structural Analysis of URL For Malicious URL Detection Using Machine Learning

A. Saleem Raja,

S. Peerbashab,

Y. Mohammed Iqbal

et al. 2023

JOAASR

View full text Add to dashboard Cite

Malicious websites are intentionally created websites that aid online criminals in carrying out illicit actions. They commit crimes like installing malware on the victim's computer, stealing private data from the victim's system, and exposing the victim online. Malicious codes can also be found on legitimate websites. Therefore, locating such a website in cyberspace is a difficult operation that demands the utilization of an automated detection tool. Currently, machine learning/deep learning technologies are employed to detect such malicious websites. However, the problem persists since the attack vector is constantly changing. Most research solutions use a limited number of URL lexical features, DNS information, global ranking information, and webpage content features. Combining several derived features involves computation time and security risk. Additionally, the dataset's minimal features don't maximize its potential. This paper exclusively uses URLs to address this problem and blends linguistic and vectorized URL features. Complete potential of the URL is utilized through vectorization. Six machine learning algorithms are examined. The results indicate that the proposed approach performs better for the count vectorizer with random forest algorithm

show abstract

“…Any dialogue concerning statistics has to cope with security and privacy especially in relation to handling more sensitive data. The events in the code area and server space that led to statistics deletion and eventual shut down of the company should not be neglected [20], [21]. So, dependence on service providers carries potential risk of data leakage and security breach.…”

Section: Problem Definition and Motivationmentioning

confidence: 99%

GLObfus: An Enhanced Data Security Method to Protect Numerical Data in Public Cloud Storage

Amalarethinam¹,

George²

2020

IJCTE

View full text Add to dashboard Cite

Malicious Domain Names Detection Algorithm Based on Lexical Analysis and Feature Quantification

Cited by 19 publications

References 35 publications

IMDoC: Identification of Malicious Domain Campaigns via DNS and Communicating Files

IMDoC: Identification of Malicious Domain Campaigns via DNS and Communicating Files

Structural Analysis of URL For Malicious URL Detection Using Machine Learning

GLObfus: An Enhanced Data Security Method to Protect Numerical Data in Public Cloud Storage

Contact Info

Product

Resources

About