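% Journal article on clustering malicious DNS queries to support
% blacklist-based detection of malware-infected machines.
% Authors are stored in "Last, First" form so name parsing is unambiguous,
% and the acronym in the title is brace-protected against style recasing.
% The long footnote text (manuscript dates, affiliations, funding, copyright)
% is kept verbatim in `annote` instead of `note`, so standard styles do not
% print it in the reference list; the DOI it repeats is already in `doi`.
@article{32941dd140c347bd893aa5856fabcb5d,
  author    = {Satoh, Akihiro and Nakamura, Yutaka and Nobayashi, Daiki and Sasai, Kazuto and Kitagata, Gen and Ikenaga, Takeshi},
  title     = {Clustering malicious {DNS} queries for blacklist-based detection},
  journal   = {IEICE Transactions on Information and Systems},
  year      = {2019},
  volume    = {E102D},
  number    = {7},
  pages     = {1404--1407},
  doi       = {10.1587/transinf.2018EDL8211},
  issn      = {0916-8532},
  publisher = {Maruzen Co., Ltd/Maruzen Kabushikikaisha},
  language  = {English},
  keywords  = {Blacklist, DNS query, Machine learning, Malware},
  abstract  = {Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide the sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.},
  annote    = {Funding Information: Manuscript received October 10, 2018. Manuscript revised December 28, 2018. Manuscript publicized April 5, 2019. †The authors are with Kyushu Institute of Technology, Kitakyushu-shi, 804–8550 Japan. ††The author is with Ibaraki University, Hitachi-shi, 316–8511 Japan. †††The author is with Tohoku University, Sendai-shi, 980–8577 Japan. ∗This work was supported by JSPS KAKENHI Grant Number JP18K11296. Part of this work was carried out under the Cooperative Research Project of the RIEC, Tohoku University. a) E-mail: satoh@isc.kyutech.ac.jp DOI: 10.1587/transinf.2018EDL8211 Publisher Copyright: Copyright {\textcopyright} 2019 The Institute of Electronics, Information and Communication Engineers.},
}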