Advanced Flow Models for Computing the Reputation of Internet Domains

Abstract: The Domain Name System (DNS) is an essential component of the Internet infrastructure that translates domain names into IP addresses. Recent incidents verify the enormous damage of malicious activities utilizing DNS, such as bots that use DNS to locate their command & control servers. We believe that a domain that is related to malicious domains is more likely to be malicious as well, and therefore detecting malicious domains using the DNS network topology is a key challenge. In this work we improve the flow model presented by Mishsky et al. [12] for computing the reputation of domains. This flow model is applied to a graph of domains and IPs and propagates their reputation scores through the edges that connect them to express the impact of malicious domains on related domains. We propose the use of clustering to guide the flow of reputation in the graph and examine two different clustering methods to identify groups of domains and IPs that are strongly related. The flow algorithms use these groups to emphasize the influence of nodes within the same cluster on each other. We evaluate the algorithms using a large database received from a commercial company. The experimental evaluation of our work has shown the expected improvement over previous work [12] in detecting malicious domains.
Document type:
Conference paper
Jan-Philipp Steghöfer; Babak Esfandiari. 11th IFIP International Conference on Trust Management (TM), Jun 2017, Gothenburg, Sweden. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-505, pp.119-134, 2017, Trust Management XI. 〈10.1007/978-3-319-59171-1_10〉

Cited literature [19 references]

https://hal.inria.fr/hal-01651160
Contributor: Hal Ifip
Submitted on: Tuesday, 28 November 2017 - 17:08:46
Last modified on: Saturday, 17 February 2018 - 17:46:02

File

Restricted access
File visible on: 2020-01-01

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Hussien Othman, Ehud Gudes, Nurit Gal-Oz. Advanced Flow Models for Computing the Reputation of Internet Domains. Jan-Philipp Steghöfer; Babak Esfandiari. 11th IFIP International Conference on Trust Management (TM), Jun 2017, Gothenburg, Sweden. Springer International Publishing, IFIP Advances in Information and Communication Technology, AICT-505, pp.119-134, 2017, Trust Management XI. 〈10.1007/978-3-319-59171-1_10〉. 〈hal-01651160〉
