Classification of Malicious Domains by Their LIFETIME

Daiji Hara, Kouichi Sakurai, Yasuo Musashi

Research output: Chapter in Book/Report/Conference proceedingChapter

Abstract

In this study, we look for malicious domains in the logs of the primary DNS server of Kumamoto University using a malicious domain check tool (Virus Total), We then classify them according to their LIFETIME (LT) and investigate their main attack applications. The following results were obtained from the experiment: (1) Ransomware, phishing, and DDoS attacks were the 3 most frequent attacks. (2) We obtained two sets of LIFETIME by plotting the number of malicious domains according to their frequency (3) The frequency distribution obtained on ransomware, phishing, and DDoS attacks show that the LT distribution of ransomware and phishing is similar, however, the frequency of DDoS attacks is shorter. (4) From these results, we learn that the attack method can be determined by measuring the LT. The LT shows to be a good parameter to be used with machine learning to detect malicious domain names.

Original languageEnglish
Title of host publicationLecture Notes on Data Engineering and Communications Technologies
PublisherSpringer
Pages334-341
Number of pages8
DOIs
Publication statusPublished - Jan 1 2020

Publication series

NameLecture Notes on Data Engineering and Communications Technologies
Volume47
ISSN (Print)2367-4512
ISSN (Electronic)2367-4520

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Media Technology
  • Electrical and Electronic Engineering
  • Computer Science Applications
  • Computer Networks and Communications
  • Information Systems

Cite this

Hara, D., Sakurai, K., & Musashi, Y. (2020). Classification of Malicious Domains by Their LIFETIME. In Lecture Notes on Data Engineering and Communications Technologies (pp. 334-341). (Lecture Notes on Data Engineering and Communications Technologies; Vol. 47). Springer. https://doi.org/10.1007/978-3-030-39746-3_35