Proactive blacklisting for malicious web sites by reputation evaluation based on domain and IP address registration

Yoshiro Fukushima, Yoshiaki Hori, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Citations (Scopus)

Abstract

The objective of creating malicious software (i.e., malware), intruding computers and conducting malicious activities is shifted from showing off attacker's computer skills to earning money. Thus, recent attackers take more sophisticated and effective malware infection ways such as malware infection via malicious Web sites as well as the traditional exploitations like worm propagation. The malicious Web sites attempt to compromise machines by drive-by-download attack which redirects users to exploiting sites and install malware compulsorily in their machines by exploiting vulnerabilities of their Web browser or plugins. As a countermeasure for these malicious Web sites, blacklisting URLs or domains of them is significant. However, attackers tend to change the URLs or domains in a short period to avoid the blacklist. Thus, a blacklisting scheme which can filter even unknown malicious Web sites is critical. In this paper, we first analyze characteristics of malicious Web sites by their domain information such as AS (Autonomous System), IP address block, IP address, domain, and registrar. Second, we evaluate reputations of IP address blocks and registrars used by attackers. Then, we propose a blacklisting scheme constructed of the combination of IP address block and registrars with low reputation, that is, intensively used by attackers. From our experimental results, the Web sites with the same combination with low reputation appeared over long period, which indicates that our proposed blacklist has a certain capability of filtering unknown malicious Web sites.

Original languageEnglish
Title of host publicationProc. 10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. FCST 2011
Pages352-361
Number of pages10
DOIs
Publication statusPublished - Dec 1 2011
Event10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. on Frontier of Computer Science and Technology, FCST 2011 - Changsha, China
Duration: Nov 16 2011Nov 18 2011

Publication series

NameProc. 10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. on FCST 2011

Other

Other10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. on Frontier of Computer Science and Technology, FCST 2011
CountryChina
CityChangsha
Period11/16/1111/18/11

All Science Journal Classification (ASJC) codes

  • Hardware and Architecture
  • Software

Fingerprint Dive into the research topics of 'Proactive blacklisting for malicious web sites by reputation evaluation based on domain and IP address registration'. Together they form a unique fingerprint.

  • Cite this

    Fukushima, Y., Hori, Y., & Sakurai, K. (2011). Proactive blacklisting for malicious web sites by reputation evaluation based on domain and IP address registration. In Proc. 10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. FCST 2011 (pp. 352-361). [6120839] (Proc. 10th IEEE Int. Conf. on Trust, Security and Privacy in Computing and Communications, TrustCom 2011, 8th IEEE Int. Conf. on Embedded Software and Systems, ICESS 2011, 6th Int. Conf. on FCST 2011). https://doi.org/10.1109/TrustCom.2011.46