Publicação: Detection of Newly Registered Malicious Domains through Passive DNS
Carregando...
Data
Orientador
Coorientador
Pós-graduação
Curso de graduação
Título da Revista
ISSN da Revista
Título de Volume
Editor
Ieee
Tipo
Trabalho apresentado em evento
Direito de acesso
Resumo
Due to the importance of DNS for the good functioning of the Internet, malicious users register domains for malicious purposes, such as the spreading of malware and the practice of phishing. In this work, an approach capable of detecting malicious domains just 72 hours after the first DNS query was developed. The data source used was the passive DNS collected from an authoritative TLD server with the enrichment of data later, which generated columns encompassing data related to geolocation, which resulted in 20 features. The model used Light-GBM as a machine learning algorithm, and oversampling and undersampling techniques for data balancing, such as Cluster Centroids and K-Means SMOTE, proving efficiency with an average AUC of 0.9763 and F1-score of 0.905, in addition to the TPR of 0.8656 in the validation of the model.
Descrição
Palavras-chave
Domain Name System, Passive DNS, Malicious Domains, Data Imbalanced, Machine Learning
Idioma
Inglês
Como citar
2021 Ieee International Conference On Big Data (big Data). New York: Ieee, p. 3360-3369, 2021.
