2015
DOI: 10.2197/ipsjjip.23.623

Detecting Malicious Domains and Authoritative Name Servers Based on Their Distinct Mappings to IP Addresses

Abstract: As the Domain Name System (DNS) provides flexibility and robustness in communications of hosts on the Internet, not only legitimate users but also attackers often take advantage of it. If we know how attackers are managing their malicious domains with authoritative name servers, there is a possibility to detect not only malicious domains but also malicious authoritative name servers. In this study, we present a novel method for detecting malicious "domains" (noted as d) and malicious "authoritative name servers" (not…

Cited by 2 publications
(6 citation statements)
References 3 publications
“…In this section, we contrast our research with previous studies that propose approaches for detecting phishing NS flux hostnames. Only two such works, Kadir et al (2012); Pa et al (2015), were found, as explained Key aspects of the comparison are summed up in Table 12. The detection time is the primary distinction between our work and the other works.…”
Section: Discussion (mentioning)
confidence: 99%
“…According to studies by Salusky and Danford (2008); Konte et al (2009); Kadir et al (2012); Metcalf and Spring (2013); Pa et al (2015), some of the authoritative NSs registering RRs of malicious web services display a fluxing behaviour in which their IP addresses change quickly. This phenomenon is known as NS IP Flux (NSIF).…”
Section: Background Of Name Server Flux and Non-flux Network (mentioning)
confidence: 99%