An Imbalanced Malicious Domains Detection Method Based on Passive DNS Traffic Analysis

Zhenyan Liu; Yifei Zeng; Pengfei Zhang; Jingfeng Xue; Ji Zhang; Jiangtao Liu

doi:10.1155/2018/6510381

An Imbalanced Malicious Domains Detection Method Based on Passive DNS Traffic Analysis

Zhenyan Liu^*, Yifei Zeng, Pengfei Zhang, Jingfeng Xue, Ji Zhang, Jiangtao Liu

^*Corresponding author for this work

School of Computer Science and Technology

Beijing Institute of Technology

Research output: Contribution to journal › Article › peer-review

14 Citations (Scopus)

Abstract

Although existing malicious domains detection techniques have shown great success in many real-world applications, the problem of learning from imbalanced data is rarely concerned with this day. But the actual DNS traffic is inherently imbalanced; thus how to build malicious domains detection model oriented to imbalanced data is a very important issue worthy of study. This paper proposes a novel imbalanced malicious domains detection method based on passive DNS traffic analysis, which can effectively deal with not only the between-class imbalance problem but also the within-class imbalance problem. The experiments show that this proposed method has favorable performance compared to the existing algorithms.

Original language	English
Article number	6510381
Journal	Security and Communication Networks
Volume	2018
DOIs	https://doi.org/10.1155/2018/6510381
Publication status	Published - 20 Jun 2018

Access to Document

10.1155/2018/6510381

Cite this

@article{7c5dcf990740456b91d85c070db03668,

title = "An Imbalanced Malicious Domains Detection Method Based on Passive DNS Traffic Analysis",

abstract = "Although existing malicious domains detection techniques have shown great success in many real-world applications, the problem of learning from imbalanced data is rarely concerned with this day. But the actual DNS traffic is inherently imbalanced; thus how to build malicious domains detection model oriented to imbalanced data is a very important issue worthy of study. This paper proposes a novel imbalanced malicious domains detection method based on passive DNS traffic analysis, which can effectively deal with not only the between-class imbalance problem but also the within-class imbalance problem. The experiments show that this proposed method has favorable performance compared to the existing algorithms.",

author = "Zhenyan Liu and Yifei Zeng and Pengfei Zhang and Jingfeng Xue and Ji Zhang and Jiangtao Liu",

note = "Publisher Copyright: {\textcopyright} 2018 Zhenyan Liu et al.",

year = "2018",

month = jun,

day = "20",

doi = "10.1155/2018/6510381",

language = "English",

volume = "2018",

journal = "Security and Communication Networks",

issn = "1939-0114",

publisher = "Hindawi Limited",

}

TY - JOUR

T1 - An Imbalanced Malicious Domains Detection Method Based on Passive DNS Traffic Analysis

AU - Liu, Zhenyan

AU - Zeng, Yifei

AU - Zhang, Pengfei

AU - Xue, Jingfeng

AU - Zhang, Ji

AU - Liu, Jiangtao

PY - 2018/6/20

Y1 - 2018/6/20

N2 - Although existing malicious domains detection techniques have shown great success in many real-world applications, the problem of learning from imbalanced data is rarely concerned with this day. But the actual DNS traffic is inherently imbalanced; thus how to build malicious domains detection model oriented to imbalanced data is a very important issue worthy of study. This paper proposes a novel imbalanced malicious domains detection method based on passive DNS traffic analysis, which can effectively deal with not only the between-class imbalance problem but also the within-class imbalance problem. The experiments show that this proposed method has favorable performance compared to the existing algorithms.

AB - Although existing malicious domains detection techniques have shown great success in many real-world applications, the problem of learning from imbalanced data is rarely concerned with this day. But the actual DNS traffic is inherently imbalanced; thus how to build malicious domains detection model oriented to imbalanced data is a very important issue worthy of study. This paper proposes a novel imbalanced malicious domains detection method based on passive DNS traffic analysis, which can effectively deal with not only the between-class imbalance problem but also the within-class imbalance problem. The experiments show that this proposed method has favorable performance compared to the existing algorithms.

UR - http://www.scopus.com/inward/record.url?scp=85053013987&partnerID=8YFLogxK

U2 - 10.1155/2018/6510381

DO - 10.1155/2018/6510381

M3 - Article

AN - SCOPUS:85053013987

SN - 1939-0114

VL - 2018

JO - Security and Communication Networks

JF - Security and Communication Networks

M1 - 6510381

ER -

An Imbalanced Malicious Domains Detection Method Based on Passive DNS Traffic Analysis

Abstract

Access to Document

Other files and links

Fingerprint

Cite this