Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.
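The abstract describes the baseline the paper builds on: DNS queries are matched against a blacklist, and a bare match gives the administrator little to act on. The following editor-added example (not code from the paper, and not the authors' cause-based clustering, whose details are not on this page) shows that baseline and the minimum evidence a practitioner would want attached to each hit. The log line format, the blacklist entries and the client addresses are all constructed for the example; the per-client grouping is a simple aggregation standing in for whatever grouping a real deployment uses.

```python
"""Blacklist matching over DNS query logs with per-client evidence.

Editor-added illustration of the blacklist-based detection the abstract
describes, NOT the authors' clustering method. The log format, the
blacklist entries and the client addresses are all constructed for this
example.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed blacklist of domains; hypothetical names, not real indicators.
BLACKLIST: Set[str] = {"evil-c2.example", "bad.example.net"}

# Constructed query log, one query per line: "<timestamp> <client> <qname> <qtype>".
SAMPLE_LOG = """\
2019-07-01T10:00:01 10.0.0.5 www.evil-c2.example A
2019-07-01T10:00:02 10.0.0.5 cdn.example.org A
2019-07-01T10:00:03 10.0.0.7 bad.example.net A
2019-07-01T10:00:09 10.0.0.5 api.evil-c2.example. A
2019-07-01T10:00:15 10.0.0.7 notbad.example.net A
2019-07-01T10:00:20 10.0.0.9 www.mail.example AAAA
"""


def normalize(qname: str) -> str:
    """Lower-case a query name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def matched_entry(qname: str, blacklist: Set[str]) -> Optional[str]:
    """Return the blacklist entry that covers qname, or None.

    A name matches when it equals an entry or is a subdomain of one. The
    check walks label boundaries, so "notbad.example.net" does not match
    "bad.example.net" the way a naive substring test would.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blacklist:
            return candidate
    return None


@dataclass
class ClientEvidence:
    """What an administrator needs to judge a hit: when, how often, which names."""
    first_seen: str
    last_seen: str
    hits: int = 0
    # blacklist entry -> the concrete query names that matched it
    queries: Dict[str, List[str]] = field(default_factory=lambda: defaultdict(list))


def detect(log_text: str, blacklist: Set[str]) -> Dict[str, ClientEvidence]:
    """Map each client that queried a blacklisted name to its ClientEvidence."""
    evidence: Dict[str, ClientEvidence] = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, _qtype = line.split()
        entry = matched_entry(qname, blacklist)
        if entry is None:
            continue
        ev = evidence.get(client)
        if ev is None:
            ev = ClientEvidence(first_seen=ts, last_seen=ts)
            evidence[client] = ev
        ev.last_seen = ts
        ev.hits += 1
        ev.queries[entry].append(normalize(qname))
    return evidence


def report(evidence: Dict[str, ClientEvidence]) -> List[str]:
    """Render one summary line per flagged client, most hits first."""
    lines = []
    for client, ev in sorted(evidence.items(), key=lambda kv: -kv[1].hits):
        names = "; ".join(f"{entry}: {', '.join(q)}" for entry, q in ev.queries.items())
        lines.append(f"{client} hits={ev.hits} first={ev.first_seen} last={ev.last_seen} [{names}]")
    return lines


if __name__ == "__main__":
    for line in report(detect(SAMPLE_LOG, BLACKLIST)):
        print(line)
```

Two points the abstract's critique of plain blacklisting motivates: the label-boundary match avoids a class of false positives that a substring test would produce (`notbad.example.net` against `bad.example.net`), and every hit is kept with its timestamps and the concrete names queried, which is the evidence an administrator needs to decide whether a blacklist entry, or the detection, can be trusted.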
Akihiro SATOH
Kyushu Institute of Technology
Yutaka NAKAMURA
Kyushu Institute of Technology
Daiki NOBAYASHI
Kyushu Institute of Technology
Kazuto SASAI
Ibaraki University
Gen KITAGATA
Tohoku University
Takeshi IKENAGA
Kyushu Institute of Technology
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Akihiro SATOH, Yutaka NAKAMURA, Daiki NOBAYASHI, Kazuto SASAI, Gen KITAGATA, Takeshi IKENAGA, "Clustering Malicious DNS Queries for Blacklist-Based Detection" in IEICE TRANSACTIONS on Information and Systems, vol. E102-D, no. 7, pp. 1404-1407, July 2019, doi: 10.1587/transinf.2018EDL8211.
Abstract: Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2018EDL8211/_p
@ARTICLE{e102-d_7_1404,
author={Akihiro SATOH and Yutaka NAKAMURA and Daiki NOBAYASHI and Kazuto SASAI and Gen KITAGATA and Takeshi IKENAGA},
journal={IEICE TRANSACTIONS on Information and Systems},
title={Clustering Malicious DNS Queries for Blacklist-Based Detection},
year={2019},
volume={E102-D},
number={7},
pages={1404-1407},
abstract={Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.},
keywords={},
doi={10.1587/transinf.2018EDL8211},
ISSN={1745-1361},
month={July},
}
TY  - JOUR
TI  - Clustering Malicious DNS Queries for Blacklist-Based Detection
T2  - IEICE TRANSACTIONS on Information and Systems
SP  - 1404
EP  - 1407
AU  - Akihiro SATOH
AU  - Yutaka NAKAMURA
AU  - Daiki NOBAYASHI
AU  - Kazuto SASAI
AU  - Gen KITAGATA
AU  - Takeshi IKENAGA
PY  - 2019
DO  - 10.1587/transinf.2018EDL8211
JO  - IEICE TRANSACTIONS on Information and Systems
SN  - 1745-1361
VL  - E102-D
IS  - 7
JA  - IEICE TRANSACTIONS on Information and Systems
Y1  - 2019/07//
AB  - Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.
ER  - 