Detecting Malicious Domains Using Statistical Internationalized Domain Name Features in Top Level Domains

Document Type

Conference Proceeding

Source of Publication

2022 14th Annual Undergraduate Research Conference on Applied Computing (URC)

Publication Date

11-24-2022

Abstract

The Domain Name System (DNS) is a core Internet service that translates domain names into IP addresses. It is a distributed database and protocol with many known weaknesses that subject to countless attacks including spoofing attacks, botnets, and domain name registrations. Still, the debate between security and privacy is continuing, that is DNS over TLS or HTTP, and the lack of adoption of DNS security extensions, put users at risk. Consequently, the security of domain names and characterizing malicious websites is becoming a priority. This paper analyzes the difference between the malicious and the normal domain names and uses Python to extract various malicious DNS identifying characteristics. In addition, the paper contributes two categories of features that suppers Internationalized Domain Names and scans domain system using five tools to give it a rating. The overall accuracy of the Random Forest Classifier was 95.6%.

ISBN

979-8-3503-4680-0

Publisher

IEEE

Volume

00

First Page

1

Last Page

6

Disciplines

Computer Sciences

Keywords

Privacy, Protocols, Botnet, Web and internet services, Distributed databases, Feature extraction, Security

Indexed in Scopus

no

Open Access

yes

Open Access Type

Green: A manuscript of this publication is openly available in a repository

Link to Full Text

Share

COinS