http://dx.doi.org/10.9708/jksci.2020.25.12.127

McDoT: Multi-Channel Domain Tracking Technology for Illegal Domains Collection  

Cho, Ho-Mook (Cyber Security Research Center, KAIST)
Lee, JeongYoung (APEX ESC)
Jang, JaeHoon (APEX ESC)
Choi, Sang-Yong (APEX ESC)
Abstract
Recently, harmful sites, including pornographic video, drug, personal information and hacking tool distribution sites, have caused serious social problems. However, because anyone can use the Internet freely, it is difficult to control users effectively. Moreover, site operators change their domains to bypass blocking, so even sites that have already been identified have low persistence. In this paper, we propose multi-channel domain tracking technology, a technique that effectively tracks changes in the domain addresses of harmful sites that carry the same or similar content. The proposed technology continuously tracks information in a domain using OSINT technology. We tested the proposed technology and verified that it is effective for domain tracking, with a 90.4% trace rate (sensing 66 changes out of 73 domains).
Keywords
Cyber investigation; Domain trace; Illegal Website; OSINT; Detection;