Malware detection using DNS records and domain name features
Document Type
Conference Proceeding
Source of Publication
ACM International Conference Proceeding Series
Publication Date
6-26-2018
Abstract
© 2018 ACM. As billions of people depend on Internet applications to perform day-to-day tasks, the prevalence of malware and online attacks causes a huge loss to the global Internet economy. The domain name system is one of the core components of the Internet, which allows users to type in website names and resolves them to Internet addresses. Several studies proposed using DNS for malware detection, because it is the first step before visiting a specific website. Unfortunately, the majority focused on malicious URL blacklisting, botnets, top-level domains, DNS and resolvers. This paper proposes a system to detect malicious domain names by using eight unique features that accurately identify malicious websites before being visited. We implemented our approach of malicious domain name detection using Python, and experimented with five weeks of real-world data using Weka. The experimental results report a 77.5% and a low false positive rate of 22.4%. That is very promising considering the approach detects websites based on features calculated from the URL and without downloading the file.
ISBN
9781450364287
Publisher
Association for Computing Machinery
First Page
29
Disciplines
Computer Sciences
Keywords
DNS, Domain name, Malicious domains, Malware detection
Recommended Citation
Al Messabi, Khulood; Aldwairi, Monther; Al Yousif, Ayesha; Thoban, Anoud; and Belqasmi, Fatna, "Malware detection using DNS records and domain name features" (2018). All Works. 2314.
https://zuscholars.zu.ac.ae/works/2314
Indexed in Scopus
yes
Open Access
no