2019
DOI: 10.1109/access.2019.2944203

A Cause-Based Classification Approach for Malicious DNS Queries Detected Through Blacklists

Abstract: Some of the most serious security threats facing computer networks involve malware. To prevent this threat, administrators need to swiftly remove the infected machines from their networks. One common way to detect infected machines in a network is by monitoring communications based on blacklists. However, detection using this method has the following two problems: no blacklist is completely reliable, and blacklists do not provide sufficient evidence to allow administrators to determine the validity and accurac…

Cited by 12 publications (7 citation statements)
References 33 publications
“…These scenarios have motivated focus on the resolution of domain names for the traditional DNSs, which are not encrypted, as an information source for detecting malware. Through previous investigations [28], we have confirmed that the traces of malicious activities appear in queries for the traditional DNSs.…”
Section: Related Work (supporting)
confidence: 64%
“…Similarly, papers such as [13,16] focusing on using blacklists for spam filtering in mail servers are also considered complementary. [4] 2012 Zhang et al [23] 2013 Kührer et al [10] 2014 Foremski et al [7] 2014 Satoh et al [14] 2019 Spacek et al [17] 2019 Wilde et al [21] 2019 Li et al [11] 2019 Telenor Norway [19] 2020 Griffioen et al [8] 2020…”
Section: Related Work (mentioning)
confidence: 99%
“…This approach can lead to a high false positive rate for some IoT hosts due to version updates which usually behave similarly to botnet behavior. A more recent work used blacklists to perform cause-based classification of malicious DNS queries [19].…”
Section: Knowledge-based and Machine Learning-based Approaches (mentioning)
confidence: 99%