Malware detection using DNS records and domain name features

Document Type

Conference Proceeding

Source of Publication

ACM International Conference Proceeding Series

Publication Date

6-26-2018

Abstract

© 2018 ACM. As billions of people depend on Internet applications to perform day-to-day tasks, the prevalence of malware and online attacks causes a huge loss to the global Internet economy. The Domain Name System is one of the core components of the Internet; it allows users to type in website names and resolves them to Internet addresses. Several studies have proposed using DNS for malware detection, because a DNS lookup is the first step before visiting a specific website. Unfortunately, the majority focused on malicious URL blacklisting, botnets, top-level domains, DNS and resolvers. This paper proposes a system to detect malicious domain names by using eight unique features that accurately identify malicious websites before they are visited. We implemented our approach to malicious domain name detection using Python, and experimented with five weeks of real-world data using Weka. The experimental results report a 77.5% and a low false positive rate of 22.4%. This is very promising, considering that the approach detects websites based on features calculated from the URL, without downloading the file.

ISBN

9781450364287

Publisher

Association for Computing Machinery

First Page

29

Disciplines

Computer Sciences

Keywords

DNS, Domain name, Malicious domains, Malware detection

Scopus ID

85055416272

Indexed in Scopus

yes

Open Access

no
