EXPOSURE: A Passive DNS Analysis Service to Detect and Report Malicious Domains

Bilge, Leyla; Sen, SEVİL; Balzarotti, Davide; Kirda, Engin; Kruegel, Christopher

doi:10.1145/2584679

EXPOSURE: A Passive DNS Analysis Service to Detect and Report Malicious Domains

Atıf İçin Kopyala

Bilge L., Sen S., Balzarotti D., Kirda E., Kruegel C.

ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, cilt.16, sa.4, 2014 (SCI-Expanded)

Yayın Türü: Makale / Tam Makale
Cilt numarası: 16 Sayı: 4
Basım Tarihi: 2014
Doi Numarası: 10.1145/2584679
Dergi Adı: ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY
Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus
Hacettepe Üniversitesi Adresli: Evet

Özet

A wide range of malicious activities rely on the domain name service (DNS) to manage their large, distributed networks of infected machines. As a consequence, the monitoring and analysis of DNS queries has recently been proposed as one of the most promising techniques to detect and blacklist domains involved in malicious activities (e.g., phishing, spam, botnets command-and-control, etc.). EXPOSURE is a system we designed to detect such domains in real time, by applying 15 unique features grouped in four categories.