Detection of Newly Registered Malicious Domains through Passive DNS
MetadataShow full item record
Due to the importance of DNS for the good functioning of the Internet, malicious users register domains for malicious purposes, such as the spreading of malware and the practice of phishing. In this work, an approach capable of detecting malicious domains just 72 hours after the first DNS query was developed. The data source used was the passive DNS collected from an authoritative TLD server with the enrichment of data later, which generated columns encompassing data related to geolocation, which resulted in 20 features. The model used LightGBM as a machine learning algorithm, and oversampling and undersampling techniques for data balancing, such as Cluster Centroids and K-Means SMOTE, proving efficiency with an average AUC of 0.9763 and F1-score of 0.905, in addition to the TPR of 0.8656 in the validation of the model.