Adopting Machine Learning to Support the Detection of Malicious Domain Names

Fernanda Magalhães, J. Magalhães
Published in: 2020 7th International Conference on Internet of Things: Systems, Management and Security (IOTSMS)
Publication date: 2020-12-14
DOI: 10.1109/IOTSMS52051.2020.9340159 (https://doi.org/10.1109/IOTSMS52051.2020.9340159)
Citations: 2

Abstract

Nowadays there are many Domain Name System (DNS) firewall solutions that prevent users from accessing malicious domains. These can provide real-time protection and block illegitimate communications. Most of these solutions are based on lists of known malicious domain names (blocklists) that are constantly updated. However, this approach can only block communications with domains already known to be malicious, leaving out many others that are malicious but have not yet been added to the blocklists. In this paper we present a study on the usefulness of adopting machine learning to detect malicious domain names. From a large set of domain names classified in advance as malicious or benign, an enriched dataset with multiple features was created and analyzed. The exploratory analysis and the data preparation tasks were carried out, and results were obtained with different machine learning classification algorithms. Depending on the classification algorithm, the accuracy results varied between 75% and 92% and the classification time ranged between 2.77 seconds and 5320 seconds. These results are interesting in that they make it possible to classify a new domain as malicious or not in a short time and with a good hit rate.