Clustering malicious DNS queries for blacklist-based detection

Akihiro Satoh, Yutaka Nakamura, Daiki Nobayashi, Kazuto Sasai, Gen Kitagata, Takeshi Ikenaga

Research output: Article, peer-reviewed

1 citation (Scopus)

Abstract

Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.

Original language: English
Pages (from-to): 1404-1407
Number of pages: 4
Journal: IEICE Transactions on Information and Systems
Volume: E102D
Issue number: 7
DOI
Publication status: Published - 2019

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Vision and Pattern Recognition
  • Electrical and Electronic Engineering
  • Artificial Intelligence
