Classification of Malicious Domains by Their LIFETIME

Daiji Hara, Kouichi Sakurai, Yasuo Musashi

Research output: Chapter in Book/Report/Conference proceeding (Chapter)

2 Citations (Scopus)


In this study, we look for malicious domains in the logs of the primary DNS server of Kumamoto University using a malicious domain check tool (VirusTotal). We then classify them according to their LIFETIME (LT) and investigate their main attack applications. The following results were obtained from the experiment: (1) Ransomware, phishing, and DDoS attacks were the 3 most frequent attacks. (2) We obtained two sets of LIFETIME by plotting the number of malicious domains according to their frequency. (3) The frequency distributions obtained for ransomware, phishing, and DDoS attacks show that the LT distributions of ransomware and phishing are similar; however, the frequency of DDoS attacks is shorter. (4) From these results, we learn that the attack method can be determined by measuring the LT. The LT proves to be a good parameter for use with machine learning to detect malicious domain names.

Original language: English
Title of host publication: Lecture Notes on Data Engineering and Communications Technologies
Publisher: Springer Science and Business Media Deutschland GmbH
Number of pages: 8
Publication status: Published - 2020

Publication series

Name: Lecture Notes on Data Engineering and Communications Technologies
ISSN (Print): 2367-4512
ISSN (Electronic): 2367-4520

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Electrical and Electronic Engineering
  • Computer Networks and Communications
  • Media Technology
  • Computer Science Applications

