Top

Published in:

2018 | OriginalPaper | Chapter

DomainObserver: A Lightweight Solution for Detecting Malicious Domains Based on Dynamic Time Warping

Authors : Guolin Tan, Peng Zhang, Qingyun Liu, Xinran Liu, Chunge Zhu

Published in: Computational Science – ICCS 2018

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

People use the Internet to shop, access information and enjoy entertainment by browsing web sites. At the same time, cyber-criminals operate malicious domains to spread illegal content, which poses a great risk to the security of cyberspace. Therefore, it is of great importance to detect malicious domains in the field of cyberspace security. Typically, there are broad research focusing on detecting malicious domains either by blacklist or learning the features. However, the former is infeasible due to its unpredictability of unknown malicious domains, and the later requires complex feature engineering. Different from most of previous methods, in this paper, we propose a novel lightweight solution named DomainObserver to detect malicious domains. Our technique of DomainObserver is based on dynamic time warping that is used to better align the time series. To the best of our knowledge, it is a new trial to apply passive traffic measurements and time series data mining to malicious domain detection. Extensive experiments on real datasets are performed to demonstrate the effectiveness of our proposed method.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Automatic Web News Extraction Based on DS Theory Considering Content Topics

next chapter You Have More Abbreviations Than You Know: A Study of AbbrevSquatting Abuse

Alexa: Alexa top 1m. http://s3.amazonaws.com/alexa-static/top-1m.csv.zip. Accessed 7 Nov 2017

Antivirus: Network Security Threat Information Sharing Platform. https://share.anva.org.cn/en/index

Baidu: Baidu Website Security Detection Platform. http://bsb.baidu.com/

Berndt, D.J., Clifford, J.: Using dynamic time warping to find patterns in time series. In: KDD Workshop, Seattle, WA, vol. 10, pp. 359–370 (1994)

Bilge, L., Sen, S., Balzarotti, D., Kirda, E., Kruegel, C.: Exposure: a passive DNS analysis service to detect and report malicious domains. ACM Trans. Inf. Syst. Secur. (TISSEC) 16(4), 14 (2014)CrossRef

Cover, T., Hart, P.: Nearest neighbor pattern classification. IEEE Trans. Inf. Theory 13(1), 21–27 (1967)CrossRef

Duffield, N.: Sampling for passive internet measurement: a review. Stat. Sci. 472–498 (2004)MathSciNetCrossRef

Faloutsos, C., Ranganathan, M., Manolopoulos, Y.: Fast subsequence matching in time-series databases. In: SIGMOD 1994. Citeseer (1994)CrossRef

Grabocka, J., Schilling, N., Wistuba, M., Schmidt-Thieme, L.: Learning time-series shapelets. In: Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 392–401. ACM (2014)

10.

Kuyama, M., Kakizaki, Y., Sasaki, R.: Method for detecting a malicious domain by using WHOIS and DNS features. In: Third International Conference on Digital Security and Forensics (DigitalSec2016), p. 74 (2016)

11.

Malware: Malware Domain Block List. http://www.malwaredomains.com/

12.

Manadhata, P.K., Yadav, S., Rao, P., Horne, W.: Detecting malicious domains via graph inference. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 1–18. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11203-9_1CrossRef

13.

Nepali, R.K., Wang, Y.: You look suspicious!!: leveraging visible attributes to classify malicious short URLs on Twitter. In: 2016 49th Hawaii International Conference on System Sciences (HICSS), pp. 2648–2655. IEEE (2016)

14.

OpenDNS: Phishtank. http://www.phishtank.com/

15.

Qihu 360: 360 Fraud Reporting Center. https://110.360.cn/

16.

Sahoo, D., Liu, C., Hoi, S.C.: Malicious URL detection using machine learning: a survey. arXiv preprint arXiv:1701.07179 (2017)

17.

Sun, B., Akiyama, M., Yagi, T., Hatada, M., Mori, T.: Autoblg: automatic URL blacklist generator using search space expansion and filters. In: 2015 IEEE Symposium on Computers and Communication (ISCC), pp. 625–631. IEEE (2015)

18.

Wang, X., Mueen, A., Ding, H., Trajcevski, G., Scheuermann, P., Keogh, E.: Experimental comparison of representation methods and distance measures for time series data. Data Min. Knowl. Discov. 26, 1–35 (2013)MathSciNetCrossRef

19.

Wang, Y.: Cai, W.d., Wei, P.c.: A deep learning approach for detecting malicious Javascript code. Secur. Commun. Netw. 9(11), 1520–1534 (2016)CrossRef

20.

Zhang, J., Porras, P.A., Ullrich, J.: Highly predictive blacklisting. In: USENIX Security Symposium, pp. 107–122 (2008)

Title: DomainObserver: A Lightweight Solution for Detecting Malicious Domains Based on Dynamic Time Warping
Authors: Guolin Tan
Peng Zhang
Qingyun Liu
Xinran Liu
Chunge Zhu
Publisher: Springer International Publishing
Book: Computational Science – ICCS 2018
Print ISBN: 978-3-319-93697-0

Electronic ISBN: 978-3-319-93698-7

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-93698-7_16

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner