nach oben

Neural Processing Letters

Erschienen in:

03.07.2017

Malicious Domain Name Detection Based on Extreme Machine Learning

verfasst von: Yong Shi, Gong Chen, Juntao Li

Erschienen in: Neural Processing Letters | Ausgabe 3/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Malicious domain detection is one of the most effective approaches applied in detecting Advanced Persistent Threat (APT), the most sophisticated and stealthy threat to modern network. Domain name analysis provides security experts with insights to identify the Command and Control (C&C) communications in APT attacks. In this paper, we propose a machine learning based methodology to detect malware domain names by using Extreme Learning Machine (ELM). ELM is a modern neural network with high accuracy and fast learning speed. We apply ELM to classify domain names based on features extracted from multiple resources. Our experiment reveals the introduced detection method is able to perform high detection rate and accuracy (of more than 95%). The fast learning speed of our ELM based approach is also demonstrated by a comparative experiment. Hence, we believe our method using ELM is both effective and efficient to identify malicious domains and therefore enhance the current detection mechanism of APT attacks.

Vorheriger Artikel Document Classification via Nonlinear Metric Learning

Nächster Artikel Robust Spectral Subspace Clustering Based on Least Square Regression

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Ghafir I, Prenosil V (2014) Advanced persistent threat attack detection: an overview. Int J Adv Comput Netw Secur 4:50–54

Li M, Huang W, Wang Y, Fan W, Li J (2016) The study of APT attack stage model. In: 2016 IEEE/ACIS 15th international conference on computer and information science (ICIS), pp 1–5

Li F APT attribution and DNS profiling. http://www.blackhat.com/docs/us-14/materials/us-14-Li-APT-Attribution-And-DNS-Profiling-WP.pdf

Soltani S, Seno SAH, Nezhadkamali M, Budiarto R (2014) A survey on real world botnets and detection mechanisms. Int J Inf Netw Secur 3:116–127

Grill M, Nikolaev I, Valeros V, Rehak M (2015) Detecting DGA malware using NetFlow. In: 2015 IFIP/IEEE international symposium on integrated network management (IM). IEEE, pp 1304–1309

Sato K, Ishibashi K, Toyono T, Miyake N (2012) Extending black domain name list by using co-occurrence relation between DNS queries. IEICE Trans Commun 95:794–802CrossRef

Zhang S (2014) Detecting malware domains on DNS traffic. Master Thesis, Shanghai Jiaotong University

Shi L, Lin D, Fang CV, Zhai Y (2015) A hybrid learning from multi-behavior for malicious domain detection on enterprise network. In: 2015 IEEE international conference on data mining workshop (ICDMW). pp 987–996

Gao Y, Zhen Y, Li H, Chua TS (2016) Filtering of brand-related microblogs using social-smooth multiview embedding. IEEE Trans Multimed 18:2115–2126CrossRef

10.

Manadhata PK, Yadav S, Rao P, Horne W (2014) Detecting malicious domains via graph inference. In: European symposium on research in computer security. Springer, pp 1–18

11.

Lee J, Lee H (2014) GMAD: graph-based malware activity detection by DNS traffic analysis. Comput Commun 49:33–47CrossRef

12.

Chau DH, Nachenberg C, Wilhelm J, Wright A, Faloutsos C (2010) Polonium: Tera-scale graph mining for malware detection. In: Acm sigkdd conference on knowledge discovery and data mining

13.

Gao Y, Zhang H, Zhao X, Yan S (2017) Event classification in microblog via social tracking. ACM Trans Intell Syst Technol 8:1–14CrossRef

14.

Ding G, Guo Y, Zhou J, Gao Y (2016) Large-scale cross-modality search via collective matrix factorization hashing. IEEE Trans Image Process 25:5427–5440MathSciNetCrossRef

15.

Mashechkin IV, Petrovskii MI, Tsarev DV (2016) Machine learning methods for analyzing user behavior when accessing text data in information security problems. Mosc Univ Comput Math Cybern 40:179–184MathSciNetCrossRef

16.

Futai Z, Siyu Z, Weixiong R (2013) Hybrid detection and tracking of fast-flux botnet on domain name system traffic. China Commun 10:81–94CrossRef

17.

Bilge L, Kirda E, Kruegel C, Balduzzi M (2011) EXPOSURE: finding malicious domains using passive DNS analysis. In: Network and distributed system security symposium

18.

Amini P, Azmi R, Araghizadeh M (2014) Botnet detection using NetFlow and clustering. Adv Comput Sci Int J 3:139–149

19.

Yu X, Zhang B, Kang L, Chen J (2012) Fast-flux botnet detection based on weighted svm. Inf Technol J 11:1048–1055CrossRef

20.

Lasota K, Kozakiewicz A (2011) Analysis of the similarities in malicious DNS domain names. In: International conference on secure and trust computing, data management, and application, 1006

21.

Ma J, Saul LK, Savage S, Voelker GM (2009) Beyond blacklists: learning to detect malicious web sites from suspicious URLs. In: Proceedings of the 15th ACM SIGKDD international conference on knowledge discovery and data mining, pp 1245–1254

22.

Shannon CE (2001) A mathematical theory of communication. ACM SIGMOBILE Mob Comput Commun Rev 5:3–55CrossRef

23.

Passerini E, Paleari R, Martignoni L, Bruschi D (2008) Fluxor: detecting and monitoring fast-flux service networks. In: International conference on detection of intrusions and malware, and vulnerability assessment. pp 186–206

24.

Brisco T DNS support for load balancing. https://tools.ietf.org/html/rfc1794

25.

ICANN WHOIS: WHOIS Search. https://whois.icann.org/en

26.

Huang GB, Zhu QY, Siew CK (2006) Extreme learning machine: theory and applications. Neurocomputing 70:489–501CrossRef

27.

Huang GB (2015) What are extreme learning machines? Filling the gap between Frank Rosenblatt’s dream and John von Neumann’s puzzle. Cogn Comput 7:263–278CrossRef

28.

Website Traffic, Statistics and Analytics—Alexa. http://www.alexa.com/siteinfo

29.

Malicious Domain List. https://www.malwaredomainlist.com/

30.

PhishTank—Join the fight against phishing. http://www.alexa.com/

Titel: Malicious Domain Name Detection Based on Extreme Machine Learning
verfasst von: Yong Shi
Gong Chen
Juntao Li
Publikationsdatum: 03.07.2017
Verlag: Springer US
Erschienen in: Neural Processing Letters / Ausgabe 3/2018
Print ISSN: 1370-4621
Elektronische ISSN: 1573-773X
DOI: https://doi.org/10.1007/s11063-017-9666-7

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence_ieS/© Springer Fachmedien Wiesbaden GmbH, Search Icon, Banner Hanser, Dr. Alexandru Oproiescu/© Dr. Alexandru Oproiescu, Julian Erhard/© Packex GmbH, Cloud Netzwerk Open Banking/© vege / Fotolia, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell, ATZ-Webinar: Prototypenfreie Entwicklung durch Offline- und Driver-in-the-Loop-HiL-Tests /© (c) VI-grade

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2018

Finite-Time Stabilization of Neutral Hopfield Neural Networks with Mixed Delays

Performance Analysis for SVM Combining with Metric Learning

Structure Preserving Sparse Coding for Data Representation

Piecewise Pseudo Almost Periodic Solutions of Generalized Neutral-Type Neural Networks with Impulses and Delays

AAM Based Face Sketch Synthesis

Real-Time Attitude Estimation by Using Parallax Observation System

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.