Peer-reviewed article

Detecting Malicious Domain Names with Abnormal WHOIS Records Using Feature-Based Rules

2021; Oxford University Press; Volume: 65; Issue: 9; Language: English

10.1093/comjnl/bxab062

ISSN

1460-2067

Authors

Yanan Cheng, Tingting Chai, Zhaoxin Zhang, Keyu Lu, Yuejin Du

Topic(s)

Cybercrime and Law Enforcement Studies

Abstract

Millions of new domain names are registered every day, but a large proportion of them are malicious and usually discovered and blacklisted after the crime has been committed. In order to improve the security of domain name registration, this paper proposes a lightweight detection method based on AdaBoost to identify malicious domain names, which focuses on proactively detecting malicious domain names by exploring abnormal WHOIS records. Domain name registries and registrars can adopt the proposed method as the first layer of defense to identify malicious domains at the domain registration stage. Extensive experiments on a large-scale database demonstrate that the proposed approach achieves satisfactory results on various malicious domain names.
