IEICE Transactions on Information and Systems
Online ISSN : 1745-1361
Print ISSN : 0916-8532
Regular Section
Clustering Malicious DNS Queries for Blacklist-Based Detection
Akihiro SATOH, Yutaka NAKAMURA, Daiki NOBAYASHI, Kazuto SASAI, Gen KITAGATA, Takeshi IKENAGA
JOURNAL FREE ACCESS

2019 Volume E102.D Issue 7 Pages 1404-1407

Abstract

Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.

© 2019 The Institute of Electronics, Information and Communication Engineers