Kyutacar is an open-access institutional repository of research produced by members of the Kyushu Institute of Technology.
Kyushu Institute of Technology, Kitakyushu-shi, 804–8550 Japan.
Kyushu Institute of Technology, Kitakyushu-shi, 804–8550 Japan.
Kyushu Institute of Technology, Kitakyushu-shi, 804–8550 Japan.
Ibaraki University, Hitachi-shi, 316–8511 Japan.
Tohoku University, Sendai-shi, 980–8577 Japan.
Kyushu Institute of Technology, Kitakyushu-shi, 804–8550 Japan.
Abstract
Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.
Journal title
IEICE Transactions on Information and Systems
Volume
E102.D
Issue
7
Pages
1404 - 1407
Publication date
2019-07-01
Publisher
The Institute of Electronics, Information and Communication Engineers
ISSN
1745-1361
0916-8532
Bibliographic record ID
AA10826272
DOI
info:doi/10.1587/transinf.2018EDL8211
Rights
Copyright (c) 2019 The Institute of Electronics, Information and Communication Engineers