XGBoost Applied to Identify Malicious Domains Using Passive DNS

Silveira, Marcos Rogerio [UNESP]; Silva, Leandro Marcos da [UNESP]; Cansian, Adriano Mauro [UNESP]; Kobayashi, Hugo Koji; GkoulalasDivanis, A.; Marchetti, M.; Avresky, D. R.

Publicação:
XGBoost Applied to Identify Malicious Domains Using Passive DNS

dc.contributor.author	Silveira, Marcos Rogerio [UNESP]
dc.contributor.author	Silva, Leandro Marcos da [UNESP]
dc.contributor.author	Cansian, Adriano Mauro [UNESP]
dc.contributor.author	Kobayashi, Hugo Koji
dc.contributor.author	GkoulalasDivanis, A.
dc.contributor.author	Marchetti, M.
dc.contributor.author	Avresky, D. R.
dc.contributor.institution	Universidade Estadual Paulista (UNESP)
dc.contributor.institution	Brazilian Network Informat Ctr NICBR
dc.date.accessioned	2022-04-28T17:30:19Z
dc.date.available	2022-04-28T17:30:19Z
dc.date.issued	2020-01-01
dc.description.abstract	The Domain Name System (DNS) is an essential component for the Internet, as its main function is to map the domain name to Internet Protocol addresses, in which the hosts respond. Because of its importance, attackers use this tool for malicious purposes such as spreading malware, botnets, fast-flux domains, and Domain Generation Algorithms (DGAs). In this paper, we present an approach to automatically detect malicious domains using passive DNS, using the supervised machine learning algorithm Extreme Gradient Boosting (XGBoost). We use 12 features extracted exclusively from DNS traffic. The model's evaluation proved its effectiveness with an average AUC of 0.9763.	en
dc.description.affiliation	Univ Estadual Paulista UNESP, Sao Paulo, Brazil
dc.description.affiliation	Brazilian Network Informat Ctr NICBR, Sao Paulo, Brazil
dc.description.affiliationUnesp	Univ Estadual Paulista UNESP, Sao Paulo, Brazil
dc.description.sponsorship	Fundação para o Desenvolvimento da UNESP (FUNDUNESP)
dc.description.sponsorshipId	FUNDUNESP: 2764/2018
dc.format.extent	4
dc.identifier.citation	2020 Ieee 19th International Symposium On Network Computing And Applications (nca). New York: Ieee, 4 p., 2020.
dc.identifier.issn	2643-7910
dc.identifier.uri	http://hdl.handle.net/11449/218874
dc.identifier.wos	WOS:000661912700045
dc.language.iso	eng
dc.publisher	Ieee
dc.relation.ispartof	2020 Ieee 19th International Symposium On Network Computing And Applications (nca)
dc.source	Web of Science
dc.subject	Domain Name System
dc.subject	malicious domain
dc.subject	passive DNS
dc.subject	machine learning
dc.title	XGBoost Applied to Identify Malicious Domains Using Passive DNS	en
dc.type	Trabalho apresentado em evento
dcterms.license	http://www.ieee.org/publications_standards/publications/rights/rights_policies.html
dcterms.rightsHolder	Ieee
dspace.entity.type	Publication
unesp.campus	Universidade Estadual Paulista (UNESP), Instituto de Biociências Letras e Ciências Exatas, São José do Rio Preto	pt
unesp.department	Engenharia Mecânica - FEB	pt
unesp.department	Ciências da Computação e Estatística - IBILCE	pt

Coleções

Bauru - FEB - Faculdade de Engenharia
São José do Rio Preto - IBILCE - Instituto de Biociências, Letras e Ciências Exatas

Publicação: XGBoost Applied to Identify Malicious Domains Using Passive DNS

Arquivos

Coleções

Publicação:
XGBoost Applied to Identify Malicious Domains Using Passive DNS