In this paper we explore the potential of leveraging properties inherent to domain registrations and their appearance in DNS zone files to predict the malicious use of domains proactively, using only minimal observation of known-bad domains to drive our inference. Our analysis demonstrates that our inference procedure derives on average 3.5 to 15 new domains from a given known-bad domain. 93% of these inferred domains subsequently appear suspect (based on third-party assessments), and nearly 73% eventually appear on blacklists themselves. For the latter, proactively blocking based on our predictions provides a median head start of about 2 days versus using a reactive blacklist, though this gain varies widely for different domains.