Detecting Malicious Domains Using Statistical Internationalized Domain Name Features in Top Level Domains
Document Type
Conference Proceeding
Source of Publication
2022 14th Annual Undergraduate Research Conference on Applied Computing (URC)
Publication Date
11-24-2022
Abstract
The Domain Name System (DNS) is a core Internet service that translates domain names into IP addresses. It is a distributed database and protocol with many known weaknesses that subject to countless attacks including spoofing attacks, botnets, and domain name registrations. Still, the debate between security and privacy is continuing, that is DNS over TLS or HTTP, and the lack of adoption of DNS security extensions, put users at risk. Consequently, the security of domain names and characterizing malicious websites is becoming a priority. This paper analyzes the difference between the malicious and the normal domain names and uses Python to extract various malicious DNS identifying characteristics. In addition, the paper contributes two categories of features that suppers Internationalized Domain Names and scans domain system using five tools to give it a rating. The overall accuracy of the Random Forest Classifier was 95.6%.
DOI Link
ISBN
979-8-3503-4680-0
Publisher
IEEE
Volume
00
First Page
1
Last Page
6
Disciplines
Computer Sciences
Keywords
Privacy, Protocols, Botnet, Web and internet services, Distributed databases, Feature extraction, Security
Recommended Citation
Almarzooqi, Alshaima; Mahmoud, Jawahir; Alzaabi, Bayena; Ghebremichael, Arsiema; and Aldwairi, Monther, "Detecting Malicious Domains Using Statistical Internationalized Domain Name Features in Top Level Domains" (2022). All Works. 5696.
https://zuscholars.zu.ac.ae/works/5696
Indexed in Scopus
no
Open Access
yes
Open Access Type
Green: A manuscript of this publication is openly available in a repository