A wrinkle in time: a case study in DNS poisoning

Berger, Harel; Dvir, Amit; Geva, Moti

doi:10.1007/s10207-020-00502-x

Cited by 11 publications

(13 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Active time of domain = Date U pdated − Date Created (14) Similar to the lifetime of a domain, the active time of a domain is calculated as the interval between a domain's update date and creation date in years. Using the same example as for the "Lifetime of domain", the active time of the domain "ariel-cyber.co.il" is the number of years from 2015-05-14 to 2018-06-04; i.e., 3.…”

Section: -Active Time Of Domainmentioning

confidence: 99%

“…In such attacks, the adversary can utilize a set of domains and IP addresses to orchestrate sophisticated attacks [56,12]. Therefore, the ability to identify a malicious domain in advance is a massive game-changer [11,12,14,15,18,20,22,25,26,27,37,45,49,56,60,61,64].…”

Section: Introductionmentioning

confidence: 99%

“…A common way of identifying malicious/compromised domains is to collect information about the domain names (alphanumeric characters) and network information (such as DNS and passive DNS data 1 ). This information is then used for extracting a set of features, according to which machine learning (ML) algorithms, are trained based on a desirably massive amount of data [12,13,14,15,18,20,25,26,27,37,45,46,49,60,64].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Less is More: Robust and Novel Features for Malicious Domain Detection

Hajaj

Hason²,

Harel

et al. 2020

Preprint

View full text Add to dashboard Cite

Malicious domains are increasingly common and pose a severe cybersecurity threat. Specifically, many types of current cyber attacks use URLs for attack communications (e.g., C&C, phishing, and spear-phishing). Despite the continuous progress in detecting these attacks, many alarming problems remain open, such as the weak spots of the defense mechanisms. Since machine learning has become one of the most prominent methods of malware detection, A robust feature selection mechanism is proposed that results in malicious domain detection models that are resistant to evasion attacks. This mechanism exhibits high performance based on empirical data. This paper makes two main contributions: First, it provides an analysis of robust feature selection based on widely used features in the literature. Note that even though the feature set dimensional space is reduced by half (from nine to four features), the performance of the classifier is still improved (an increase in the model's F1-score from 92.92% to 95.81%). Second, it introduces novel features that are robust to the adversary's manipulation. Based on extensive evaluation of the different feature sets and commonly used classification models this paper show that models which are based on robust features are resistant to malicious perturbations, and at the same time useful for classifying non-manipulated data.

show abstract

Section: -Active Time Of Domainmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Less is More: Robust and Novel Features for Malicious Domain Detection

Hajaj

Hason²,

Harel

et al. 2020

Preprint

View full text Add to dashboard Cite

show abstract

“…10 As a critical infrastructure, the DNS client security cannot be ignored. [11][12][13] However, a new DNS cache poisoning attack targeting it has occurred recently. 14 Unlike other threats, the attack targets DNS clients, which only need to cooperate with a nonprivileged malicious program.…”

Section: Introductionmentioning

confidence: 99%

“…As a critical infrastructure, the DNS client security cannot be ignored 11–13 . However, a new DNS cache poisoning attack targeting it has occurred recently 14 .…”

Section: Introductionmentioning

confidence: 99%

An intelligent proactive defense against the client‐side DNS cache poisoning attack via self‐checking deep reinforcement learning

Yang

et al. 2022

Int J of Intelligent Sys

View full text Add to dashboard Cite

A new class of poisoning attacks has recently emerged targeting the client-side Domain Name System (DNS) cache. It allows users to visit fake websites unconsciously, thereby revealing their information, such as passwords. However, the current DNS defense architecture does not include DNS clients. Although relative encryption solutions can mitigate this attack, they require the cooperation of multiple parties, and the deployment speed is slow. Therefore, we propose an intelligent-driven proactive defense strategy. First, we model the offensive and defensive process as a stochastic game based on moving target defense. Second, we adopt and optimize Proximal PolicyOptimization (PPO), a deep reinforcement learning method, to solve problems caused by uncertain attack strategies and unknown state transition probability. Third, we design a self-checking component in PPO to solve the uncertainty of action space caused by game state constraints based on our previous work. Thus the convergence speed and stability of PPO are improved. Finally, to the best of our knowledge, we are the first to game with intelligent attackers besides three conventional ones. Our strategy does not require any

show abstract

Phish-Sight: a new approach for phishing detection using dominant colors on web pages and machine learning

Pandey

Mishra

2023

Int. J. Inf. Secur.

View full text Add to dashboard Cite

A wrinkle in time: a case study in DNS poisoning

Cited by 11 publications

References 33 publications

Less is More: Robust and Novel Features for Malicious Domain Detection

Less is More: Robust and Novel Features for Malicious Domain Detection

An intelligent proactive defense against the client‐side DNS cache poisoning attack via self‐checking deep reinforcement learning

Phish-Sight: a new approach for phishing detection using dominant colors on web pages and machine learning

Contact Info

Product

Resources

About