Title | ||
---|---|---|
Crossing the threshold: Detecting network malfeasance via sequential hypothesis testing |
Abstract | ||
---|---|---|
The domain name system plays a vital role in the dependability and security of modern network. Unfortunately, it has also been widely misused for nefarious activities. Recently, attackers have turned their attention to the use of algorithmically generated domain names (AGDs) in an effort to circumvent network defenses. However, because such domain names are increasingly being used in benign applications, this transition has significant implications for techniques that classify AGDs based solely on the format of a domain name. To highlight the challenges they face, we examine contemporary approaches and demonstrate their limitations. We address these shortcomings by proposing an online form of sequential hypothesis testing that classifies clients based solely on the non-existent (NX) responses they elicit. Our evaluations on real-world data show that we outperform existing approaches, and for the vast majority of cases, we detect malware before they are able to successfully rendezvous with their command and control centers. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1109/DSN.2013.6575364 | DSN |
Keywords | Field | DocType |
real-world data,control center,benign application,contemporary approach,detecting network malfeasance,online form,network defenses,domain name system,sequential hypothesis testing,domain name,nefarious activity,modern network,network security,computer network security,engines,internet | Dependability,Command and control,Computer security,Computer science,Network security,Domain Name System,Real-time computing,Rendezvous,Malware,Sequential analysis,The Internet,Distributed computing | Conference |
ISSN | Citations | PageRank |
1530-0889 | 9 | 0.50 |
References | Authors | |
14 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Srinivas Krishnan | 1 | 94 | 5.96 |
Teryl Taylor | 2 | 30 | 4.87 |
Fabian Monrose | 3 | 3448 | 257.07 |
John McHugh | 4 | 9 | 0.50 |