Publicação: Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost (Work in Progress)
| dc.contributor.author | Silva, Leandro Marcos da [UNESP] | |
| dc.contributor.author | Silveira, Marcos Rogerio [UNESP] | |
| dc.contributor.author | Cansian, Adriano Mauro [UNESP] | |
| dc.contributor.author | Kobayashi, Hugo Koji | |
| dc.contributor.author | GkoulalasDivanis, A. | |
| dc.contributor.author | Marchetti, M. | |
| dc.contributor.author | Avresky, D. R. | |
| dc.contributor.institution | Universidade Estadual Paulista (UNESP) | |
| dc.contributor.institution | Brazilian Network Informat Ctr NICBR | |
| dc.date.accessioned | 2022-04-28T17:30:19Z | |
| dc.date.available | 2022-04-28T17:30:19Z | |
| dc.date.issued | 2020-01-01 | |
| dc.description.abstract | The Domain Name System (DNS) protocol provides the mapping between hostnames and Internet Protocol addresses and vice versa. However, attackers use the DNS structure to register malicious domains to engage in malicious activities. One way to mitigate these domains is to use blocklists, but there is considerable time in human detection and insertion into lists. Thus, there are works aimed at detecting domains in an automated way applying machine learning techniques. Given this scenario, the present work presents an analysis of blocklists to identify patterns in malicious domains, where it was concluded that Top Level Domains might be associated with the maliciousness of a domain. After that, a system overview for the multiclass classification of malicious domains using passive DNS is proposed. The system has an exclusive character, because it is the first to use a multiclass approach to indicate the threat present in the malicious domain, and yet, it uses XGBoost and techniques to balance the data. | en |
| dc.description.affiliation | Sao Paulo State Univ UNESP, Sao Paulo, Brazil | |
| dc.description.affiliation | Brazilian Network Informat Ctr NICBR, Sao Paulo, Brazil | |
| dc.description.affiliationUnesp | Sao Paulo State Univ UNESP, Sao Paulo, Brazil | |
| dc.description.sponsorship | Fundação para o Desenvolvimento da UNESP (FUNDUNESP) | |
| dc.description.sponsorshipId | FUNDUNESP: 2764/2018 | |
| dc.format.extent | 3 | |
| dc.identifier.citation | 2020 Ieee 19th International Symposium On Network Computing And Applications (nca). New York: Ieee, 3 p., 2020. | |
| dc.identifier.issn | 2643-7910 | |
| dc.identifier.uri | http://hdl.handle.net/11449/218875 | |
| dc.identifier.wos | WOS:000661912700046 | |
| dc.language.iso | eng | |
| dc.publisher | Ieee | |
| dc.relation.ispartof | 2020 Ieee 19th International Symposium On Network Computing And Applications (nca) | |
| dc.source | Web of Science | |
| dc.subject | Domain Name System | |
| dc.subject | Passive DNS | |
| dc.subject | Malicious Domain | |
| dc.subject | XGBoost | |
| dc.subject | Multiclass Classification | |
| dc.title | Multiclass Classification of Malicious Domains Using Passive DNS with XGBoost (Work in Progress) | en |
| dc.type | Trabalho apresentado em evento | |
| dcterms.license | http://www.ieee.org/publications_standards/publications/rights/rights_policies.html | |
| dcterms.rightsHolder | Ieee | |
| dspace.entity.type | Publication | |
| unesp.campus | Universidade Estadual Paulista (UNESP), Instituto de Biociências Letras e Ciências Exatas, São José do Rio Preto | pt |
| unesp.department | Engenharia Mecânica - FEB | pt |
| unesp.department | Ciências da Computação e Estatística - IBILCE | pt |