Skip to Main content Skip to Navigation
Conference papers

Advanced Flow Models for Computing the Reputation of Internet Domains

Abstract : The Domain Name System (DNS) is an essential component of the Internet infrastructure that translates domain names into IP addresses. Recent incidents verify the enormous damage of malicious activities utilizing DNS such as bots that use DNS to locate their command & control servers. We believe that a domain that is related to malicious domains is more likely to be malicious as well and therefore detecting malicious domains using the DNS network topology is a key challenge.In this work we improve the flow model presented by Mishsky et al. [12] for computing the reputation of domains. This flow model is applied on a graph of domains and IPs and propagates their reputation scores through the edges that connect them to express the impact of malicious domains on related domains. We propose the use of clustering to guide the flow of reputation in the graph and examine two different clustering methods to identify groups of domains and IPs that are strongly related. The flow algorithms use these groups to emphasize the influence of nodes within the same cluster on each other. We evaluate the algorithms using a large database received from a commercial company. The experimental evaluation of our work have shown the expected improvement over previous work [12] in detecting malicious domains.
Document type :
Conference papers
Complete list of metadata

Cited literature [19 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Tuesday, November 28, 2017 - 5:08:46 PM
Last modification on : Tuesday, May 14, 2019 - 1:50:22 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Hussien Othman, Ehud Gudes, Nurit Gal-Oz. Advanced Flow Models for Computing the Reputation of Internet Domains. 11th IFIP International Conference on Trust Management (TM), Jun 2017, Gothenburg, Sweden. pp.119-134, ⟨10.1007/978-3-319-59171-1_10⟩. ⟨hal-01651160⟩



Record views


Files downloads