TY - CHAP
T1 - Classification of Malicious Domains by Their LIFETIME
AU - Hara, Daiji
AU - Sakurai, Kouichi
AU - Musashi, Yasuo
N1 - Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
N2 - In this study, we look for malicious domains in the logs of the primary DNS server of Kumamoto University using a malicious domain check tool (Virus Total). We then classify them according to their LIFETIME (LT) and investigate their main attack applications. The following results were obtained from the experiment: (1) Ransomware, phishing, and DDoS attacks were the 3 most frequent attacks. (2) We obtained two sets of LIFETIME by plotting the number of malicious domains according to their frequency. (3) The frequency distribution obtained on ransomware, phishing, and DDoS attacks shows that the LT distribution of ransomware and phishing is similar; however, the frequency of DDoS attacks is shorter. (4) From these results, we learn that the attack method can be determined by measuring the LT. The LT is shown to be a good parameter to be used with machine learning to detect malicious domain names.
AB - In this study, we look for malicious domains in the logs of the primary DNS server of Kumamoto University using a malicious domain check tool (Virus Total). We then classify them according to their LIFETIME (LT) and investigate their main attack applications. The following results were obtained from the experiment: (1) Ransomware, phishing, and DDoS attacks were the 3 most frequent attacks. (2) We obtained two sets of LIFETIME by plotting the number of malicious domains according to their frequency. (3) The frequency distribution obtained on ransomware, phishing, and DDoS attacks shows that the LT distribution of ransomware and phishing is similar; however, the frequency of DDoS attacks is shorter. (4) From these results, we learn that the attack method can be determined by measuring the LT. The LT is shown to be a good parameter to be used with machine learning to detect malicious domain names.
UR - http://www.scopus.com/inward/record.url?scp=85083458580&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85083458580&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-39746-3_35
DO - 10.1007/978-3-030-39746-3_35
M3 - Chapter
AN - SCOPUS:85083458580
T3 - Lecture Notes on Data Engineering and Communications Technologies
SP - 334
EP - 341
BT - Lecture Notes on Data Engineering and Communications Technologies
PB - Springer Science and Business Media Deutschland GmbH
ER -