DomainChroma: Providing Optimal Countermeasures against Malicious Domain Names

Daiki Chiba; Mitsuaki Akiyama; Takeshi Yagi; Takeshi Yada; Tatsuya Mori; Shigeki Goto

doi:10.1109/COMPSAC.2017.112

DomainChroma: Providing Optimal Countermeasures against Malicious Domain Names

Daiki Chiba, Mitsuaki Akiyama, Takeshi Yagi, Takeshi Yada, Tatsuya Mori, Shigeki Goto

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

Domain names and domain name system (DNS) have been used and abused for over 30 years since the 1980s. Although legitimate Internet users rely on domain names as their indispensable infrastructures for using the Internet, attackers use or abuse them as reliable, instantaneous, and distributed attack infrastructure. However, there is a lack of complete understanding of such domain name abuses and the methods for coping with them. In this paper, we design and implement a unified and objective analysis pipeline combining the existing defense solutions to realize practical and optimal defenses against today's malicious domain names. The basic concept underlying our novel analytical approach is malicious domain names' chromatography. Our new analysis pipeline can distinguish among mixtures of malicious domain names for websites. On the basis of this concept, we do not create a hodgepodge of existing solutions but design separation of abused domain names and offer defense information by considering the characteristics of malicious domain names as well as the possible defense solutions and points of defense. Finally, we evaluate our analysis pipeline and output defense information using a large and real dataset to show the effectiveness and validity of our proposed approach.

Original language	English
Title of host publication	Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference, COMPSAC 2017
Publisher	IEEE Computer Society
Pages	643-648
Number of pages	6
Volume	1
ISBN (Electronic)	9781538603673
DOIs	https://doi.org/10.1109/COMPSAC.2017.112
Publication status	Published - 2017 Sept 7
Event	41st IEEE Annual Computer Software and Applications Conference, COMPSAC 2017 - Torino, Italy Duration: 2017 Jul 4 → 2017 Jul 8

Other

Other	41st IEEE Annual Computer Software and Applications Conference, COMPSAC 2017
Country/Territory	Italy
City	Torino
Period	17/7/4 → 17/7/8

Keywords

blacklists
countermeasures
DNS
domain name

ASJC Scopus subject areas

Software
Computer Science Applications

Access to Document

10.1109/COMPSAC.2017.112

Cite this

DomainChroma: Providing Optimal Countermeasures against Malicious Domain Names. / Chiba, Daiki; Akiyama, Mitsuaki; Yagi, Takeshi et al.
Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference, COMPSAC 2017. Vol. 1 IEEE Computer Society, 2017. p. 643-648 8029671.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chiba, D, Akiyama, M, Yagi, T, Yada, T, Mori, T & Goto, S 2017, DomainChroma: Providing Optimal Countermeasures against Malicious Domain Names. in Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference, COMPSAC 2017. vol. 1, 8029671, IEEE Computer Society, pp. 643-648, 41st IEEE Annual Computer Software and Applications Conference, COMPSAC 2017, Torino, Italy, 17/7/4. https://doi.org/10.1109/COMPSAC.2017.112

@inproceedings{eb2d834cae1f40a3ac722c588263f229,

title = "DomainChroma: Providing Optimal Countermeasures against Malicious Domain Names",

abstract = "Domain names and domain name system (DNS) have been used and abused for over 30 years since the 1980s. Although legitimate Internet users rely on domain names as their indispensable infrastructures for using the Internet, attackers use or abuse them as reliable, instantaneous, and distributed attack infrastructure. However, there is a lack of complete understanding of such domain name abuses and the methods for coping with them. In this paper, we design and implement a unified and objective analysis pipeline combining the existing defense solutions to realize practical and optimal defenses against today's malicious domain names. The basic concept underlying our novel analytical approach is malicious domain names' chromatography. Our new analysis pipeline can distinguish among mixtures of malicious domain names for websites. On the basis of this concept, we do not create a hodgepodge of existing solutions but design separation of abused domain names and offer defense information by considering the characteristics of malicious domain names as well as the possible defense solutions and points of defense. Finally, we evaluate our analysis pipeline and output defense information using a large and real dataset to show the effectiveness and validity of our proposed approach.",

keywords = "blacklists, countermeasures, DNS, domain name",

author = "Daiki Chiba and Mitsuaki Akiyama and Takeshi Yagi and Takeshi Yada and Tatsuya Mori and Shigeki Goto",

year = "2017",

month = sep,

day = "7",

doi = "10.1109/COMPSAC.2017.112",

language = "English",

volume = "1",

pages = "643--648",

booktitle = "Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference, COMPSAC 2017",

publisher = "IEEE Computer Society",

address = "United States",

note = "41st IEEE Annual Computer Software and Applications Conference, COMPSAC 2017 ; Conference date: 04-07-2017 Through 08-07-2017",

}

TY - GEN

T1 - DomainChroma

T2 - 41st IEEE Annual Computer Software and Applications Conference, COMPSAC 2017

AU - Chiba, Daiki

AU - Akiyama, Mitsuaki

AU - Yagi, Takeshi

AU - Yada, Takeshi

AU - Mori, Tatsuya

AU - Goto, Shigeki

PY - 2017/9/7

Y1 - 2017/9/7

N2 - Domain names and domain name system (DNS) have been used and abused for over 30 years since the 1980s. Although legitimate Internet users rely on domain names as their indispensable infrastructures for using the Internet, attackers use or abuse them as reliable, instantaneous, and distributed attack infrastructure. However, there is a lack of complete understanding of such domain name abuses and the methods for coping with them. In this paper, we design and implement a unified and objective analysis pipeline combining the existing defense solutions to realize practical and optimal defenses against today's malicious domain names. The basic concept underlying our novel analytical approach is malicious domain names' chromatography. Our new analysis pipeline can distinguish among mixtures of malicious domain names for websites. On the basis of this concept, we do not create a hodgepodge of existing solutions but design separation of abused domain names and offer defense information by considering the characteristics of malicious domain names as well as the possible defense solutions and points of defense. Finally, we evaluate our analysis pipeline and output defense information using a large and real dataset to show the effectiveness and validity of our proposed approach.

AB - Domain names and domain name system (DNS) have been used and abused for over 30 years since the 1980s. Although legitimate Internet users rely on domain names as their indispensable infrastructures for using the Internet, attackers use or abuse them as reliable, instantaneous, and distributed attack infrastructure. However, there is a lack of complete understanding of such domain name abuses and the methods for coping with them. In this paper, we design and implement a unified and objective analysis pipeline combining the existing defense solutions to realize practical and optimal defenses against today's malicious domain names. The basic concept underlying our novel analytical approach is malicious domain names' chromatography. Our new analysis pipeline can distinguish among mixtures of malicious domain names for websites. On the basis of this concept, we do not create a hodgepodge of existing solutions but design separation of abused domain names and offer defense information by considering the characteristics of malicious domain names as well as the possible defense solutions and points of defense. Finally, we evaluate our analysis pipeline and output defense information using a large and real dataset to show the effectiveness and validity of our proposed approach.

KW - blacklists

KW - countermeasures

KW - DNS

KW - domain name

UR - http://www.scopus.com/inward/record.url?scp=85031894542&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85031894542&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC.2017.112

DO - 10.1109/COMPSAC.2017.112

M3 - Conference contribution

AN - SCOPUS:85031894542

VL - 1

SP - 643

EP - 648

BT - Proceedings - 2017 IEEE 41st Annual Computer Software and Applications Conference, COMPSAC 2017

PB - IEEE Computer Society

Y2 - 4 July 2017 through 8 July 2017

ER -

DomainChroma: Providing Optimal Countermeasures against Malicious Domain Names

Abstract

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this