Journal
ACM TRANSACTIONS ON INFORMATION AND SYSTEM SECURITY
Volume 16, Issue 4, Pages -Publisher
ASSOC COMPUTING MACHINERY
DOI: 10.1145/2584679
Keywords
Domain name system; malicious domains; machine learning
Categories
Funding
- Division Of Computer and Network Systems
- Direct For Computer & Info Scie & Enginr [1116777] Funding Source: National Science Foundation
Ask authors/readers for more resources
A wide range of malicious activities rely on the domain name service (DNS) to manage their large, distributed networks of infected machines. As a consequence, the monitoring and analysis of DNS queries has recently been proposed as one of the most promising techniques to detect and blacklist domains involved in malicious activities (e.g., phishing, spam, botnets command-and-control, etc.). EXPOSURE is a system we designed to detect such domains in real time, by applying 15 unique features grouped in four categories. We conducted a controlled experiment with a large, real-world dataset consisting of billions of DNS requests. The extremely positive results obtained in the tests convinced us to implement our techniques and deploy it as a free, online service. In this article, we present the EXPOSURE system and describe the results and lessons learned from 17 months of its operation. Over this amount of time, the service detected over 100K malicious domains. The statistics about the time of usage, number of queries, and target IP addresses of each domain are also published on a daily basis on the service Web page.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available