• Title/Summary/Keyword: Suspicious Domain Inference

Search Result 1, Processing Time 0.015 seconds

A Proactive Inference Method of Suspicious Domains (선제 대응을 위한 의심 도메인 추론 방안)

  • Kang, Byeongho;YANG, JISU;So, Jaehyun;Kim, Czang Yeob
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.2
    • /
    • pp.405-413
    • /
    • 2016

  • In this paper, we propose a proactive inference method of finding suspicious domains. Our method detects potential malicious domains from the seed domain information extracted from the TLD Zone files and WHOIS information. The inference process follows the three steps: searching the candidate domains, machine learning, and generating a suspicious domain pool. In the first step, we search the TLD Zone files and build a candidate domain set which has the same name server information with the seed domain. The next step clusters the candidate domains by the similarity of the WHOIS information. The final step in the inference process finds the seed domain's cluster, and make the cluster as a suspicious domain set. In experiments, we used .COM and .NET TLD Zone files, and tested 10 seed domains selected by our analysts. The experimental results show that our proposed method finds 55 suspicious domains and 52 true positives. F1 scores 0.91, and precision is 0.95 We hope our proposal will contribute to the further proactive malicious domain blacklisting research.

  • https://doi.org/10.13089/JKIISC.2016.26.2.405 인용 PDF KSCI HTML