Abstract
Malicious domains are one of the critical manifestations of cyber security attacks, severely threatening people's privacy and property by providing malicious services (such as spam servers, phishing websites, and C&C servers) to Internet users. Therefore, research on malicious domain detection has also attracted much attention. Existing methods differ significantly in their data sources and implementations. In this paper, we conduct a retrospective analysis of them and divide the data into two types, namely DNS data and DGA data. Different data sources correspond to different data forms and carry different information, so researchers need to adopt methods suited to that information in order to detect malicious domains. The detection methods are divided into four types. We describe a general detection framework for each type of approach and outline future research directions.
© 2021 Springer Nature Switzerland AG
Cite this paper
Li, K., Yu, X., Wang, J. (2021). A Review: How to Detect Malicious Domains. In: Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds) Advances in Artificial Intelligence and Security. ICAIS 2021. Communications in Computer and Information Science, vol 1424. Springer, Cham. https://doi.org/10.1007/978-3-030-78621-2_12
DOI: https://doi.org/10.1007/978-3-030-78621-2_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-78620-5
Online ISBN: 978-3-030-78621-2
eBook Packages: Computer Science (R0)