EXPOSURE: A Passive DNS Analysis Service to Detect and Report Malicious Domains
ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, cilt.16, sa.4, 2014 (SCI-Expanded, Scopus)
- Yayın Türü: Makale / Tam Makale
- Cilt numarası: 16 Sayı: 4
- Basım Tarihi: 2014
- Doi Numarası: 10.1145/2584679
- Dergi Adı: ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY
- Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus
- Hacettepe Üniversitesi Adresli: Evet
Özet
A wide range of malicious activities rely on the domain name service (DNS) to manage their large, distributed networks of infected machines. As a consequence, the monitoring and analysis of DNS queries has recently been proposed as one of the most promising techniques to detect and blacklist domains involved in malicious activities (e.g., phishing, spam, botnets command-and-control, etc.). EXPOSURE is a system we designed to detect such domains in real time, by applying 15 unique features grouped in four categories.