Abstract
Due to the increase in spam email and other anti-social behavior (such as the bot net command and control server) on the Internet, Domain Name System (DNS) blacklists (DNSBLs) have been created. These are “blacklists” of malicious hosts on the Internet that are reputed to send spam email and other anti-social behavior. Most email servers can be configured to reject messages that are sent from the hosts on these lists. Because it is difficult to keep up with new malicious hosts created every day, research is required to automate DNSBL generation. To address this problem, the application of machine learning is being studied thoroughly. Deep learning is considered to be a promising approach to classify the malicious host names. This study explores the risks of these approaches by showing a simple domain generation algorithm (DGA). This report shows the importance of attributes that are used rather than machine learning techniques. Researchers in machine learning and knowledge acquisition should focus on attributes that are more important in application fields than techniques when considering the practical applications.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
DNS & RHS Blackhole Lists. https://web.archive.org/web/20130321062303/spamlinks.net/filter-dnsbl-lists.htm. Accessed 01 Jan 2020
Predicting Domain Generation Algorithms using LSTMs. https://github.com/endgameinc/dga_predict/. Accessed 01 Jan 2020
The complete IP check for sending Mailservers. http://multirbl.valli.org/. Accessed 01 Jan 2020
The top 500 sites on the web. https://www.alexa.com/topsites, published old version was downloaded from http://s3.amazonaws.com/alexa-static/top-1m.csv.zip Accessed 01 Jan 2020
Ahmed, J., Gharakheili, H.H., Raza, Q., Russell, C., Sivaraman, V.: Real-time detection of dns exfiltration and tunneling from enterprise networks. In: IFIP/IEEE Symposium on Integrated Network and Service Management (IM), pp. 649–653. IEEE (2019)
Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for dns. In: USENIX Security Symposium, pp. 273–290 (2010)
Antonakakis, M., Perdisci, R., Lee, W., Vasiloglou, N., Dagon, D.: Detecting malware domains at the upper dns hierarchy. USENIX Secur. Symp. 11, 1–16 (2011)
Bilge, L., Sen, S., Balzarotti, D., Kirda, E., Kruegel, C.: Exposure: a passive dns analysis service to detect and report malicious domains. ACM Trans. Inf. Syst. Secur. (TISSEC) 16(4), 14 (2014)
Caglayan, A., Toothaker, M., Drapeau, D., Burke, D., Eaton, G.: Real-time detection of fast flux service networks. In: Cybersecurity Applications & Technology Conference for Homeland Security, pp. 285–292. IEEE (2009)
Chen, Y., et al.: Financial lower bounds of online advertising abuse. In: Caballero, J., Zurutuza, U., Rodríguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 231–254. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40667-1_12
Chiba, D., et al.: Domainprofiler: discovering domain names abused in future. In: 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 491–502. IEEE (2016)
Dolberg, L., François, J., Engel, T.: Multi-dimensional aggregation for dns monitoring. In: 38th Annual IEEE Conference on Local Computer Networks, pp. 390–398. IEEE (2013)
Fukushi, N., Chiba, D., Akiyama, M., Uchida, M.: Exploration into gray area: efficient labeling for malicious domain name detection. In: IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), vol. 1, pp. 770–775. IEEE (2019)
Kazato, Y., Sugawara, T., Fukuda, K.: Detecting malicious domains with probabilistic threat propagation on dns graph. Comput. Softw. 33(3), 16–28 (2016)
Lewis, C., Sergeant, M.: Overview of best email dns-based list (dnsbl) operational practices. Internet Request For Comments, RFC 6471 (2012)
Nelms, T., Perdisci, R., Ahamad, M.: Execscent: mining for new c&c domains in live networks with adaptive control protocol templates. In: Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13), pp. 589–604 (2013)
Perdisci, R., Corona, I., Giacinto, G.: Early detection of malicious flux networks via large-scale passive dns traffic analysis. IEEE Trans. Dependable Secure Comput. 9(5), 714–726 (2012)
Rahbarinia, B., Perdisci, R., Antonakakis, M.: Segugio: efficient behavior-based tracking of malware-control domains in large isp networks. In: 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 403–414. IEEE (2015)
Sood, A.K., Zeadally, S.: A taxonomy of domain-generation algorithms. IEEE Secur. Priv. 14(4), 46–53 (2016)
Spooren, J., Preuveneers, D., Desmet, L., Janssen, P., Joosen, W.: Detection of algorithmically generated domain names used by botnets: a dual arms race. In: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing, pp. 1916–1923. ACM (2019)
Torabi, S., Boukhtouta, A., Assi, C., Debbabi, M.: Detecting internet abuse by analyzing passive dns traffic: a survey of implemented systems. IEEE Commun. Surv. Tutorials 20(4), 3389–3415 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Yoshida, K., Fujiwara, K., Sato, A., Sannomiya, S. (2021). Automatic Generation and Classification of Malicious FQDN. In: Uehara, H., Yamaguchi, T., Bai, Q. (eds) Knowledge Management and Acquisition for Intelligent Systems. PKAW 2021. Lecture Notes in Computer Science(), vol 12280. Springer, Cham. https://doi.org/10.1007/978-3-030-69886-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-69886-7_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-69885-0
Online ISBN: 978-3-030-69886-7
eBook Packages: Computer ScienceComputer Science (R0)