A Survey on Malicious Domains Detection through DNS Data Analysis

Zhauniarovich Yury; Khalil Issa; Yu Ting; Dacier Marc

首页> 外文期刊>ACM Computing Surveys >A Survey on Malicious Domains Detection through DNS Data Analysis

【24h】

A Survey on Malicious Domains Detection through DNS Data Analysis

机译：通过DNS数据分析进行恶意域检测的调查

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Malicious domains are one of the major resources required for adversaries to run attacks over the Internet. Due to the important role of the Domain Name System (DNS), extensive research has been conducted to identify malicious domains based on their unique behavior reflected in different phases of the life cycle of DNS queries and responses. Existing approaches differ significantly in terms of intuitions, data analysis methods as well as evaluation methodologies. This warrants a thorough systematization of the approaches and a careful review of the advantages and limitations of every group.In this article, we perform such an analysis. To achieve this goal, we present the necessary background knowledge on DNS and malicious activities leveraging DNS. We describe a general framework of malicious domain detection techniques using DNS data. Applying this framework, we categorize existing approaches using several orthogonal viewpoints, namely (1) sources of DNS data and their enrichment, (2) data analysis methods, and (3) evaluation strategies and metrics. In each aspect, we discuss the important challenges that the research community should address in order to fully realize the power of DNS data analysis to fight against attacks leveraging malicious domains.

机译：恶意域是攻击者通过Internet进行攻击所需的主要资源之一。由于域名系统（DNS）的重要作用，已经进行了广泛的研究，以根据在DNS查询和响应的生命周期的不同阶段反映出的恶意域，来识别恶意域。现有的方法在直觉，数据分析方法以及评估方法方面都存在很大差异。这需要对方法进行彻底的系统化，并仔细检查每个组的优点和缺点。在本文中，我们进行了这样的分析。为了实现此目标，我们提供了有关DNS和利用DNS的恶意活动的必要背景知识。我们描述了使用DNS数据的恶意域检测技术的一般框架。应用此框架，我们使用几种正交的观点对现有方法进行分类，即（1）DNS数据的来源及其丰富，（2）数据分析方法以及（3）评估策略和指标。在每个方面，我们都讨论了研究社区应解决的重要挑战，以便充分实现DNS数据分析的功能来对抗利用恶意域的攻击。

著录项

来源
《ACM Computing Surveys》 |2018年第4期|67.1-67.36|共36页
作者
Zhauniarovich Yury; Khalil Issa; Yu Ting; Dacier Marc;
展开▼
作者单位

HBKU Qatar Comp Res Inst Doha Qatar|Educ City Hamad Bin Khalifa Res Complex Doha Qatar;

Eurecom Biot France|Campus SOPHIA TECH 450 Route Chappes CS 50193 F-06904 Biot Sophia Antipolis France;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Malicious domains detection; domain name system;

机译：恶意域名检测;域名系统;

相似文献

外文文献
中文文献
专利

1. DNS dataset for malicious domains detection [J] . Cláudio Marques, Silvestre Malta, Jo?o Paulo Magalh?es Data in Brief . 2021,第a期

机译：恶意域检测的DNS数据集
2. Exposure: A Passive DNS Analysis Service to Detect and Report Malicious Domains [J] . LEYLA BILGE, SEVIL SEN, DAVIDE BALZAROTTI, ACM Transaction on Information and System Security . 2013,第4期

机译：暴露：一种被动DNS分析服务，用于检测和报告恶意域
3. Detection of malicious and low throughput data exfiltration over the DNS protocol [J] . Nadler Asaf, Aminov Avi, Shabtai Asaf Computers & Security . 2019,第JANa期

机译：通过DNS协议检测恶意和低吞吐量数据泄露
4. DNS traffic analysis for malicious domains detection [C] . Ghafir Ibrahim, Prenosil Vaclav International Conference on Signal Processing and Integrated Networks . 2015

机译：DNS流量分析以检测恶意域
5. Detection of Malicious Content in JSON Structured Data Using Multiple Concurrent Anomaly Detection Methods. [D] . Miller, Brett N. 2016

机译：使用多种并发异常检测方法检测JSON结构化数据中的恶意内容。
6. Flow-Data Gathering Using NetFlow Sensors for Fitting Malicious-Traffic Detection Models [O] . Adrián Campazas-Vega, Ignacio Samuel Crespo-Martínez, Ángel Manuel Guerrero-Higueras, 2020

机译：使用NetFlow传感器采集流量数据用于拟合恶意交通检测模型
7. A Survey on Malicious Domains Detection through DNS Data Analysis [O] . Yury Zhauniarovich, Issa Khalil, Ting Yu, 2018

机译：DNS数据分析对恶意域检测的调查

A Survey on Malicious Domains Detection through DNS Data Analysis

摘要

著录项

相似文献

相关主题

期刊订阅