A Review: How to Detect Malicious Domains

  • Conference paper
  • Advances in Artificial Intelligence and Security (ICAIS 2021)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1424)

Abstract

Malicious domains are a central component of many cyber attacks: they host or front services such as spam servers, phishing websites, and command-and-control (C&C) servers, and thereby threaten the privacy and property of Internet users. Detecting them has therefore attracted considerable research attention. Existing methods differ substantially in the data they consume and in how they are implemented. In this paper we review them retrospectively and divide the data they use into two types, DNS data and DGA (domain generation algorithm) data. Each data source has its own form and carries different information, so researchers must adopt detection methods suited to the information at hand. We divide the detection methods into four types, describe a general detection framework for each, and outline directions for future research.
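The abstract separates DNS data (what resolvers observe about a name over time) from DGA data (the name strings themselves), and notes that each calls for its own features. The Python below is an added illustration, not code from the paper or its authors: it computes a small lexical feature set from the domain string, a small passive-DNS feature set from resolution records, and triages a name on both. The sample domains, the passive-DNS records, and every threshold (entropy 3.0 bits, vowel ratio 0.2, five distinct IPs, mean TTL 300 s) are constructed for the demo, and the two-label split in second_level_label stands in for a proper Public Suffix List lookup.

```python
"""Lexical and passive-DNS feature extraction for malicious-domain triage.

Added illustration; not code from Li, Yu and Wang (2021). All sample
domains, passive-DNS records and thresholds below are constructed.
"""
import math
from collections import Counter, defaultdict

VOWELS = set("aeiou")


def second_level_label(domain):
    """Return the label left of the TLD ('example' for 'www.example.com').

    A production system would consult the Public Suffix List so that
    'foo.co.uk' yields 'foo'; a two-label split is enough for the samples here.
    """
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def shannon_entropy(text):
    """Bits per character. Pronounceable words cluster well below 3 bits;
    random-looking DGA labels approach log2(len(text))."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def lexical_features(domain):
    """Features computed from the name string alone (the 'DGA data' view)."""
    label = second_level_label(domain)
    n = max(len(label), 1)
    return {
        "length": len(label),
        "entropy": round(shannon_entropy(label), 3),
        "digit_ratio": round(sum(ch.isdigit() for ch in label) / n, 3),
        "vowel_ratio": round(sum(ch in VOWELS for ch in label) / n, 3),
    }


def passive_dns_features(records):
    """Features computed from resolution history (the 'DNS data' view).

    records: iterable of (qname, rdata_ip, ttl_seconds, query_count).
    """
    by_name = defaultdict(list)
    for qname, rdata, ttl, count in records:
        by_name[qname.lower()].append((rdata, ttl, count))
    features = {}
    for qname, rows in by_name.items():
        features[qname] = {
            "distinct_ips": len({r[0] for r in rows}),
            "mean_ttl": sum(r[1] for r in rows) / len(rows),
            "queries": sum(r[2] for r in rows),
        }
    return features


def triage(domain, pdns=None, entropy_cutoff=3.0, vowel_cutoff=0.2,
           ip_cutoff=5, ttl_cutoff=300):
    """Return the list of reasons a name looks suspicious (empty if none).

    Cutoffs are constructed for the demo; a real deployment tunes them on
    labelled data or replaces this rule with a trained classifier.
    """
    reasons = []
    lex = lexical_features(domain)
    if lex["entropy"] >= entropy_cutoff and lex["vowel_ratio"] <= vowel_cutoff:
        reasons.append("dga-like label")
    dns = (pdns or {}).get(domain.lower())
    if dns and dns["distinct_ips"] >= ip_cutoff and dns["mean_ttl"] <= ttl_cutoff:
        reasons.append("many short-lived resolutions")
    return reasons


# Constructed samples: benign names resemble words; the two random-looking
# names imitate DGA output. Addresses come from documentation ranges.
SAMPLE_DOMAINS = ["wikipedia.org", "google.com", "xk3j9qzv7tplwg.net",
                  "qwp2m8fzlk0y3b.com", "update-svc.example"]
PASSIVE_DNS = [
    ("wikipedia.org", "203.0.113.10", 3600, 5000),
    ("wikipedia.org", "203.0.113.11", 3600, 4800),
    ("update-svc.example", "198.51.100.5", 60, 40),
    ("update-svc.example", "198.51.100.77", 60, 35),
    ("update-svc.example", "192.0.2.8", 60, 31),
    ("update-svc.example", "192.0.2.150", 120, 28),
    ("update-svc.example", "198.51.100.201", 60, 30),
]

if __name__ == "__main__":
    pdns = passive_dns_features(PASSIVE_DNS)
    for name in SAMPLE_DOMAINS:
        print(name, lexical_features(name), pdns.get(name), triage(name, pdns))
```

Run as a script it prints both feature sets and the triage reasons for each constructed name. The point of the two views is visible in the output: "update-svc.example" reads as an ordinary word-like label and passes the lexical check, but its resolution history (five distinct addresses, 72 s mean TTL) flags it, while the random-looking names are caught by the string features alone with no DNS history at all.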



Author information

Corresponding author: Xiangzhan Yu


Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Cite this paper

Li, K., Yu, X., Wang, J. (2021). A Review: How to Detect Malicious Domains. In: Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds) Advances in Artificial Intelligence and Security. ICAIS 2021. Communications in Computer and Information Science, vol 1424. Springer, Cham. https://doi.org/10.1007/978-3-030-78621-2_12

  • DOI: https://doi.org/10.1007/978-3-030-78621-2_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-78620-5

  • Online ISBN: 978-3-030-78621-2

  • eBook Packages: Computer Science (R0)