EXPOSURE: A Passive DNS Analysis Service to Detect and Report Malicious Domains


Bilge L., Sen S., Balzarotti D., Kirda E., Kruegel C.

ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY, vol.16, no.4, 2014 (Peer-Reviewed Journal)

  • Publication Type: Article
  • Volume: 16 Issue: 4
  • Publication Date: 2014
  • Doi Number: 10.1145/2584679
  • Journal Name: ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY
  • Journal Indexes: Science Citation Index Expanded, Scopus

Abstract

A wide range of malicious activities rely on the domain name service (DNS) to manage their large, distributed networks of infected machines. As a consequence, the monitoring and analysis of DNS queries has recently been proposed as one of the most promising techniques to detect and blacklist domains involved in malicious activities (e.g., phishing, spam, botnet command-and-control, etc.). EXPOSURE is a system we designed to detect such domains in real time, by applying 15 unique features grouped in four categories.