nDEWS: A new domains early warning system for TLDs

NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium Pub Date : 2016-04-25 DOI:10.1109/NOMS.2016.7502961

G. Moura, M. Müller, M. Wullink, Cristian Hesselman

引用次数: 19

Abstract

We present nDEWS, a Hadoop-based automatic early warning system of malicious domains for domain name registry operators, such as top-level domain (TLD) registries. By monitoring an entire DNS zone, nDEWS is able to single out newly added suspicious domains by analyzing both domain registration and global DNS lookup patterns of a TLD. nDEWS is capable to detect several types of domain abuse, such as malware, phishing, and allegedly fraudulent web shops. To act on this data, we have established a pilot study with two major .nl registrars, and provide them with daily feeds of their respective suspicious domains. Moreover, nDEWS can also be implemented by other TLD operators/registries.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

nDEWS:一个新的顶级域名预警系统

我们提出了nDEWS，一个基于hadoop的恶意域名自动预警系统，用于域名注册管理机构，如顶级域名(TLD)注册管理机构。通过监控整个DNS区域，nDEWS能够通过分析域名注册和TLD的全局DNS查找模式来挑出新添加的可疑域名。nDEWS能够检测几种类型的域名滥用，例如恶意软件、网络钓鱼和涉嫌欺诈的网络商店。为了对这些数据采取行动，我们与两家主要的。nl注册商建立了一项试点研究，并向他们提供各自可疑域名的每日提要。此外，nDEWS也可以由其他顶级域名运营商/注册管理机构实施。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium

自引率

0.00%

发文量

期刊最新文献

PIoT: Programmable IoT using Information Centric Networking Workload interleaving with performance guarantees in data centers Outsourced invoice service: Service-clearing as SaaS in mobility service marketplaces Dynamic load management for IMS networks using network function virtualization On-demand dynamic network service deployment over NaaS architecture