Abstract
Domain name classification is an important issue in the field of cyber security. Objectionable-related domain names are one category of domain names, serving services such as gambling and pornography. They are classified and even forbidden in some areas, and some of these domain names may defraud visitors of their privacy and property. Timely and accurate identification of these domain names is significant for Internet content censorship and user security. In this work, we analyze the behavior of objectionable-related domain names in real-world DNS traffic and find that there are evident differences between objectionable-related domain names and non-objectionable ones. We propose VisSensor, a stacking approach to objectionable-related domain name identification that automatically extracts name features and latent visiting patterns of domain names from the DNS traffic and distinguishes the objectionable-related ones. We integrate convolutional neural networks with fully-connected neural networks to combine features of different dimensions and improve experimental results. The accuracy of VisSensor is 88.48% with a false positive rate of 9.11%. We also compared VisSensor with a public domain name tagging system, and VisSensor performed better than the tagging system on the task of identifying objectionable-related domain names.
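As an added illustration (not code from the paper), the sketch below shows one way to derive the two kinds of input the abstract names, name features and visiting patterns, from passive DNS records. The log format, the three lexical features and the 24-hour histogram are assumptions; the paper's actual feature set is not given on this page.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed passive DNS records: "<unix_ts> <client_id> <qname>" (format is an assumption).
SAMPLE_LOG = """\
1531353600 c1 example-news.test
1531357200 c2 example-news.test
1531360800 c1 example-news.test
1531432800 c3 lucky88win.test
1531436400 c3 lucky88win.test
1531436460 c4 lucky88win.test
malformed line
1531440000 c5 lucky88win.test
"""

def name_features(qname):
    """Lexical features of the left-most label: length, digit ratio, Shannon entropy."""
    label = qname.rstrip(".").split(".")[0].lower()
    if not label:
        return [0.0, 0.0, 0.0]
    counts = Counter(label)
    entropy = -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())
    digits = sum(ch.isdigit() for ch in label)
    return [float(len(label)), digits / len(label), entropy]

def visiting_pattern(timestamps):
    """24-bin histogram of query hours (UTC), normalised to sum to 1."""
    bins = [0] * 24
    for ts in timestamps:
        bins[datetime.fromtimestamp(ts, tz=timezone.utc).hour] += 1
    total = sum(bins)
    return [b / total for b in bins] if total else [0.0] * 24

def build_features(log_text):
    """Return {qname: {"name": [...], "visits": [...], "clients": n}}; skips bad lines."""
    seen = defaultdict(lambda: {"ts": [], "clients": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # tolerate truncated or malformed records
        ts, client, qname = int(parts[0]), parts[1], parts[2].lower()
        seen[qname]["ts"].append(ts)
        seen[qname]["clients"].add(client)
    return {q: {"name": name_features(q), "visits": visiting_pattern(v["ts"]),
                "clients": len(v["clients"])} for q, v in seen.items()}
```

In a stacked model of the kind the abstract describes, the fixed-length `visits` vector would suit a convolutional branch and the `name` vector a fully-connected one; that mapping is likewise an assumption here.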
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Zhao, C., Zhang, Y., Zang, T., Liang, Z., Wang, Y. (2019). A Stacking Approach to Objectionable-Related Domain Names Identification by Passive DNS Traffic (Short Paper). In: Gao, H., Wang, X., Yin, Y., Iqbal, M. (eds) Collaborative Computing: Networking, Applications and Worksharing. CollaborateCom 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 268. Springer, Cham. https://doi.org/10.1007/978-3-030-12981-1_20
DOI: https://doi.org/10.1007/978-3-030-12981-1_20
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12980-4
Online ISBN: 978-3-030-12981-1
eBook Packages: Computer Science, Computer Science (R0)