Clustering malicious DNS queries for blacklist-based detection

Akihiro Satoh, Yutaka Nakamura, Daiki Nobayashi, Kazuto Sasai, Gen Kitagata, Takeshi Ikenaga

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications against blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide sufficient evidence for administrators to judge the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.

Original language: English
Pages (from-to): 1404-1407
Number of pages: 4
Journal: IEICE Transactions on Information and Systems
Volume: E102D
Issue number: 7
DOIs
Publication status: Published - 2019

Keywords

  • Blacklist
  • DNS query
  • Machine learning
  • Malware

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Vision and Pattern Recognition
  • Electrical and Electronic Engineering
  • Artificial Intelligence
