Evolving Smart URL Filter in a Zone-Based Policy Firewall for Detecting Algorithmically Generated Malicious Domains

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9047)

Abstract

Domain Generation Algorithm (DGA) has evolved into one of the most dangerous and “undetectable” digital security deception methods. The complexity of this approach (combined with the intricate operation of fast-flux “botnet” networks) produces an extremely risky threat that is hard to trace. In most cases it should be treated as a zero-day vulnerability. This kind of combined attack is responsible for malware distribution and for the infection of Information Systems. Moreover, it is related to illegal activities such as money mule recruitment sites, phishing websites, illicit online pharmacies, extreme or illegal adult content sites, malicious browser exploit sites and web traps for distributing viruses. Traditional digital security mechanisms address such vulnerabilities in a conventional manner: they often raise false alarms and they fail to forecast them. This paper proposes an innovative, fast and accurate evolving Smart URL Filter (eSURLF) in a Zone-based Policy Firewall (ZFW) which uses evolving Spiking Neural Networks (eSNN) for detecting algorithmically generated malicious domain names.

Keywords

Domain Generation Algorithm, Fast-flux, Evolving Spiking Neural Network, Botnet, Feed Forward Neural Network, Particle Swarm Optimization

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Democritus University of Thrace, Orestiada, Greece