Jukka Ruohonen, S. Šćepanović, S. Hyrynsalmi, I. Mishkovski, T. Aura, V. Leppänen
2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), published 2016-08-01. DOI: 10.1109/W-FiCloud.2016.61 (https://doi.org/10.1109/W-FiCloud.2016.61)
The Black Mark beside My Name Server: Exploring the Importance of Name Server IP Addresses in Malware DNS Graphs
This short exploratory empirical paper examines how important the Internet protocol (IP) addresses of name servers are in linking together Internet domains that have distributed malware or have otherwise been associated with malicious computer networks. By using the domain name system (DNS) to build a relational representation, the importance found is elaborated with a dataset of nearly sixty thousand domains. Besides the empirical exploration related to these domains, the paper provides a stylized discussion of the construction of empirical DNS graphs, including the concrete reduction and learning of the observed malware graph. With these two deliverables, the paper contributes to the active research field of DNS mining, further pinpointing a number of relevant research challenges for applications of complex network analysis in studying computer networking and cyber security.