Paper Info
Title
Crossing the threshold: Detecting network malfeasance via sequential hypothesis testing
Abstract
The domain name system plays a vital role in the dependability and security of modern network. Unfortunately, it has also been widely misused for nefarious activities. Recently, attackers have turned their attention to the use of algorithmically generated domain names (AGDs) in an effort to circumvent network defenses. However, because such domain names are increasingly being used in benign applications, this transition has significant implications for techniques that classify AGDs based solely on the format of a domain name. To highlight the challenges they face, we examine contemporary approaches and demonstrate their limitations. We address these shortcomings by proposing an online form of sequential hypothesis testing that classifies clients based solely on the non-existent (NX) responses they elicit. Our evaluations on real-world data show that we outperform existing approaches, and for the vast majority of cases, we detect malware before they are able to successfully rendezvous with their command and control centers.
Year
DOI
Venue
2013
10.1109/DSN.2013.6575364
DSN
Keywords
Field
DocType
real-world data,control center,benign application,contemporary approach,detecting network malfeasance,online form,network defenses,domain name system,sequential hypothesis testing,domain name,nefarious activity,modern network,network security,computer network security,engines,internet
Dependability,Command and control,Computer security,Computer science,Network security,Domain Name System,Real-time computing,Rendezvous,Malware,Sequential analysis,The Internet,Distributed computing
Conference
ISSN
Citations 
PageRank 
1530-0889
9
0.50
References 
Authors
14
4
Name
Order
Citations
PageRank
Srinivas Krishnan1945.96
Teryl Taylor2304.87
Fabian Monrose33448257.07
John McHugh490.50