Computing domains reputation using flow

Author

Mishsky, Igor ; Gal-Oz, Nurit ; Gudes, Ehud

Author_Institution

Comput. Sci. Dept., Ben Gurion Univ., Beer-Sheva, Israel

fYear

2014

fDate

8-10 Dec. 2014

Firstpage

426

Lastpage

431

Abstract

The Domain Name System (DNS) is an essential component of the Internet infrastructure that translates domain names into IP addresses. Recent incidents verify the enormous damage of malicious activities utilizing DNS. Therefore, detecting malicious domains using the DNS network structure is an important challenge. We take the famous colloquial expression Tell me who your friends are and I will tell you who you are, motivating many social trust models, to the Internet domains world. We assert that a domain that is related to malicious domains is more likely to be malicious as well, and malicious domains may be identified by analyzing cross domains relationships. The term domain reputation represents the extent to which we consider a domain as malicious. In this paper we present a new approach for computing domain reputation by applying a flow algorithm on a DNS based graph. The experimental evaluation of the flow algorithm demonstrates significant success in predicting malicious domains.

Keywords

IP networks; Internet; computer network security; graph theory; DNS based graph; DNS network structure; Domain Name System; IP addresses; Internet domains; Internet infrastructure; cross-domain relationship analysis; domain reputation; flow algorithm; malicious activities; malicious domain detection; social trust models; Attenuation; Computational modeling; Databases; IP networks; Internet; Servers; Vectors; Flow model; Trust & Reputation; malicious domains;

fLanguage

English

Publisher

ieee

Conference_Titel

Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for

Conference_Location

London

Type

conf

DOI

10.1109/ICITST.2014.7038850

Filename

7038850