Detecting Malicious Domains Using Statistical Internationalized Domain Name Features in Top Level Domains
Source of Publication
2022 14th Annual Undergraduate Research Conference on Applied Computing (URC)
The Domain Name System (DNS) is a core Internet service that translates domain names into IP addresses. It is a distributed database and protocol with many known weaknesses that subject to countless attacks including spoofing attacks, botnets, and domain name registrations. Still, the debate between security and privacy is continuing, that is DNS over TLS or HTTP, and the lack of adoption of DNS security extensions, put users at risk. Consequently, the security of domain names and characterizing malicious websites is becoming a priority. This paper analyzes the difference between the malicious and the normal domain names and uses Python to extract various malicious DNS identifying characteristics. In addition, the paper contributes two categories of features that suppers Internationalized Domain Names and scans domain system using five tools to give it a rating. The overall accuracy of the Random Forest Classifier was 95.6%.
Privacy, Protocols, Botnet, Web and internet services, Distributed databases, Feature extraction, Security
Almarzooqi, Alshaima; Mahmoud, Jawahir; Alzaabi, Bayena; Ghebremichael, Arsiema; and Aldwairi, Monther, "Detecting Malicious Domains Using Statistical Internationalized Domain Name Features in Top Level Domains" (2022). All Works. 5696.
Indexed in Scopus
Open Access Type
Green: A manuscript of this publication is openly available in a repository