Clustering Malicious DNS Queries for Blacklist-Based Detection

Satoh,  Akihiro; Nakamura,  Yutaka; Nobayashi,  Daiki; Sasai,  Kazuto; Kitagata,  Gen; Ikenaga,  Takeshi

doi:info:doi/10.1587/transinf.2018EDL8211

WEKO3

lat lon distance

[[sub_check.contents]]

[[sub_radio.contents]]

Field does not validate

[[sub_attr.contents]]　

インデックスツリー

アイテム

{"_buckets": {"deposit": "15429e4c-585b-434c-a545-f8996f364517"}, "_deposit": {"created_by": 3, "id": "6437", "owners": [3], "pid": {"revision_id": 0, "type": "depid", "value": "6437"}, "status": "published"}, "_oai": {"id": "oai:kyutech.repo.nii.ac.jp:00006437", "sets": ["24"]}, "author_link": ["25154", "19491", "27948", "27013", "27012", "8847"], "item_21_biblio_info_6": {"attribute_name": "書誌情報", "attribute_value_mlt": [{"bibliographicIssueDates": {"bibliographicIssueDate": "2019-07-01", "bibliographicIssueDateType": "Issued"}, "bibliographicIssueNumber": "7", "bibliographicPageEnd": "1407", "bibliographicPageStart": "1404", "bibliographicVolumeNumber": "E102.D", "bibliographic_titles": [{"bibliographic_title": "IEICE Transactions on Information and Systems "}]}]}, "item_21_description_4": {"attribute_name": "抄録", "attribute_value_mlt": [{"subitem_description": "Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide the sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.", "subitem_description_type": "Abstract"}]}, "item_21_description_60": {"attribute_name": "資源タイプ", "attribute_value_mlt": [{"subitem_description": "Journal Article", "subitem_description_type": "Other"}]}, "item_21_link_62": {"attribute_name": "研究者情報", "attribute_value_mlt": [{"subitem_link_text": "https://hyokadb02.jimu.kyutech.ac.jp/html/81_ja.html", "subitem_link_url": "https://hyokadb02.jimu.kyutech.ac.jp/html/81_ja.html"}]}, "item_21_publisher_7": {"attribute_name": "出版者", "attribute_value_mlt": [{"subitem_publisher": "電子情報通信学会"}]}, "item_21_relation_12": {"attribute_name": "DOI", "attribute_value_mlt": [{"subitem_relation_type": "isIdenticalTo", "subitem_relation_type_id": {"subitem_relation_type_id_text": "info:doi/10.1587/transinf.2018EDL8211", "subitem_relation_type_select": "DOI"}}]}, "item_21_relation_14": {"attribute_name": "情報源", "attribute_value_mlt": [{"subitem_relation_name": [{"subitem_relation_name_text": "https://doi.org/10.1587/transinf.2018EDL8211"}], "subitem_relation_type_id": {"subitem_relation_type_id_text": "https://doi.org/10.1587/transinf.2018EDL8211", "subitem_relation_type_select": "DOI"}}]}, "item_21_relation_66": {"attribute_name": "論文ID（NAID）", "attribute_value_mlt": [{"subitem_relation_type": "isIdenticalTo", "subitem_relation_type_id": {"subitem_relation_type_id_text": "http://ci.nii.ac.jp/naid/130007671324", "subitem_relation_type_select": "NAID"}}]}, "item_21_rights_13": {"attribute_name": "権利", "attribute_value_mlt": [{"subitem_rights": "Copyright (c) 2019 The Institute of Electronics, Information and Communication Engineers"}]}, "item_21_select_59": {"attribute_name": "査読の有無", "attribute_value_mlt": [{"subitem_select_item": "yes"}]}, "item_21_source_id_10": {"attribute_name": "書誌レコードID", "attribute_value_mlt": [{"subitem_source_identifier": "AA10826272", "subitem_source_identifier_type": "NCID"}]}, "item_21_source_id_8": {"attribute_name": "ISSN", "attribute_value_mlt": [{"subitem_source_identifier": "1745-1361", "subitem_source_identifier_type": "ISSN"}, {"subitem_source_identifier": "0916-8532", "subitem_source_identifier_type": "ISSN"}]}, "item_21_subject_16": {"attribute_name": "日本十進分類法", "attribute_value_mlt": [{"subitem_subject": "548", "subitem_subject_scheme": "NDC"}]}, "item_21_text_28": {"attribute_name": "論文ID（連携）", "attribute_value_mlt": [{"subitem_text_value": "10350265"}]}, "item_21_text_36": {"attribute_name": "著者所属", "attribute_value_mlt": [{"subitem_text_value": "Kyushu Institute of Technology, Kitakyushu-shi, 804–8550 Japan."}, {"subitem_text_value": "Kyushu Institute of Technology, Kitakyushu-shi, 804–8550 Japan."}, {"subitem_text_value": "Kyushu Institute of Technology, Kitakyushu-shi, 804–8550 Japan."}, {"subitem_text_value": "Ibaraki University, Hitachi-shi, 316–8511 Japan."}, {"subitem_text_value": "Tohoku University, Sendai-shi, 980–8577 Japan."}, {"subitem_text_value": "Kyushu Institute of Technology, Kitakyushu-shi, 804–8550 Japan."}]}, "item_21_text_63": {"attribute_name": "連携ID", "attribute_value_mlt": [{"subitem_text_value": "8145"}]}, "item_21_version_type_58": {"attribute_name": "著者版フラグ", "attribute_value_mlt": [{"subitem_version_resource": "http://purl.org/coar/version/c_970fb48d4fbd8a85", "subitem_version_type": "VoR"}]}, "item_creator": {"attribute_name": "著者", "attribute_type": "creator", "attribute_value_mlt": [{"creatorNames": [{"creatorName": "Satoh,  Akihiro"}], "nameIdentifiers": [{"nameIdentifier": "27948", "nameIdentifierScheme": "WEKO"}, {"nameIdentifier": "30609376", "nameIdentifierScheme": "e-Rad", "nameIdentifierURI": "https://nrid.nii.ac.jp/ja/nrid/1000030609376/"}, {"nameIdentifier": "55437344000", "nameIdentifierScheme": "Scopus著者ID", "nameIdentifierURI": "https://www.scopus.com/authid/detail.uri?authorId=55437344000"}, {"nameIdentifier": "0000-0003-3178-1041", "nameIdentifierScheme": "ORCiD", "nameIdentifierURI": "https://orcid.org/0000-0003-3178-1041"}, {"nameIdentifier": "100000049", "nameIdentifierScheme": "九工大研究者情報", "nameIdentifierURI": "https://hyokadb02.jimu.kyutech.ac.jp/html/100000049_ja.html"}]}, {"creatorNames": [{"creatorName": "Nakamura,  Yutaka"}], "nameIdentifiers": [{"nameIdentifier": "8847", "nameIdentifierScheme": "WEKO"}, {"nameIdentifier": "40346317", "nameIdentifierScheme": "e-Rad", "nameIdentifierURI": "https://nrid.nii.ac.jp/ja/nrid/1000040346317/"}, {"nameIdentifier": "56393278900", "nameIdentifierScheme": "Scopus著者ID", "nameIdentifierURI": "https://www.scopus.com/authid/detail.uri?authorId=56393278900"}, {"nameIdentifier": "367", "nameIdentifierScheme": "九工大研究者情報", "nameIdentifierURI": "https://hyokadb02.jimu.kyutech.ac.jp/html/367_ja.html"}]}, {"creatorNames": [{"creatorName": "Nobayashi,  Daiki"}], "nameIdentifiers": [{"nameIdentifier": "25154", "nameIdentifierScheme": "WEKO"}, {"nameIdentifier": "40632906", "nameIdentifierScheme": "e-Rad", "nameIdentifierURI": "https://nrid.nii.ac.jp/ja/nrid/1000040632906/"}, {"nameIdentifier": "24476552900", "nameIdentifierScheme": "Scopus著者ID", "nameIdentifierURI": "https://www.scopus.com/authid/detail.uri?authorId=24476552900"}, {"nameIdentifier": "100000507", "nameIdentifierScheme": "九工大研究者情報", "nameIdentifierURI": "https://hyokadb02.jimu.kyutech.ac.jp/html/100000507_ja.html"}]}, {"creatorNames": [{"creatorName": "Sasai,  Kazuto"}], "nameIdentifiers": [{"nameIdentifier": "27012", "nameIdentifierScheme": "WEKO"}]}, {"creatorNames": [{"creatorName": "Kitagata,  Gen"}], "nameIdentifiers": [{"nameIdentifier": "27013", "nameIdentifierScheme": "WEKO"}]}, {"creatorNames": [{"creatorName": "Ikenaga,  Takeshi"}], "nameIdentifiers": [{"nameIdentifier": "19491", "nameIdentifierScheme": "WEKO"}, {"nameIdentifier": "50284716", "nameIdentifierScheme": "e-Rad", "nameIdentifierURI": "https://nrid.nii.ac.jp/ja/nrid/1000050284716/"}, {"nameIdentifier": "55722538000", "nameIdentifierScheme": "Scopus著者ID", "nameIdentifierURI": "https://www.scopus.com/authid/detail.uri?authorId=55722538000"}, {"nameIdentifier": "0000-0001-9022-0813", "nameIdentifierScheme": "ORCiD", "nameIdentifierURI": "https://orcid.org/0000-0001-9022-0813"}, {"nameIdentifier": "81", "nameIdentifierScheme": "九工大研究者情報", "nameIdentifierURI": "https://hyokadb02.jimu.kyutech.ac.jp/html/81_ja.html"}]}]}, "item_files": {"attribute_name": "ファイル情報", "attribute_type": "file", "attribute_value_mlt": [{"accessrole": "open_date", "date": [{"dateType": "Available", "dateValue": "2020-03-05"}], "displaytype": "detail", "download_preview_message": "", "file_order": 0, "filename": "transinf.2018EDL8211.pdf", "filesize": [{"value": "177.4 kB"}], "format": "application/pdf", "future_date_message": "", "is_thumbnail": false, "licensetype": "license_free", "mimetype": "application/pdf", "size": 177400.0, "url": {"label": "transinf.2018EDL8211.pdf", "url": "https://kyutech.repo.nii.ac.jp/record/6437/files/transinf.2018EDL8211.pdf"}, "version_id": "c8068f58-3fd0-4cab-b490-5031b4c43a2a"}]}, "item_keyword": {"attribute_name": "キーワード", "attribute_value_mlt": [{"subitem_subject": "malware", "subitem_subject_scheme": "Other"}, {"subitem_subject": "blacklist", "subitem_subject_scheme": "Other"}, {"subitem_subject": "DNS query", "subitem_subject_scheme": "Other"}, {"subitem_subject": "machine learning", "subitem_subject_scheme": "Other"}]}, "item_language": {"attribute_name": "言語", "attribute_value_mlt": [{"subitem_language": "eng"}]}, "item_resource_type": {"attribute_name": "資源タイプ", "attribute_value_mlt": [{"resourcetype": "journal article", "resourceuri": "http://purl.org/coar/resource_type/c_6501"}]}, "item_title": "Clustering Malicious DNS Queries for Blacklist-Based Detection", "item_titles": {"attribute_name": "タイトル", "attribute_value_mlt": [{"subitem_title": "Clustering Malicious DNS Queries for Blacklist-Based Detection"}]}, "item_type_id": "21", "owner": "3", "path": ["24"], "permalink_uri": "http://hdl.handle.net/10228/00007647", "pubdate": {"attribute_name": "公開日", "attribute_value": "2020-03-05"}, "publish_date": "2020-03-05", "publish_status": "0", "recid": "6437", "relation": {}, "relation_version_is_last": true, "title": ["Clustering Malicious DNS Queries for Blacklist-Based Detection"], "weko_shared_id": 3}

Clustering Malicious DNS Queries for Blacklist-Based Detection

http://hdl.handle.net/10228/00007647

名前 / ファイル	ライセンス	アクション
transinf.2018EDL8211.pdf (177.4 kB)

Item type

学術雑誌論文 = Journal Article(1)

公開日

2020-03-05

タイトル

Clustering Malicious DNS Queries for Blacklist-Based Detection

言語

eng

資源タイプ

資源タイプ識別子

http://purl.org/coar/resource_type/c_6501

資源タイプ

journal article

著者

Satoh, Akihiro

WEKO 27948
e-Rad 30609376
Scopus著者ID 55437344000
ORCiD 0000-0003-3178-1041
九工大研究者情報 100000049

	Satoh, Akihiro

Search repository

Nakamura, Yutaka

WEKO 8847
e-Rad 40346317
Scopus著者ID 56393278900
九工大研究者情報 367

	Nakamura, Yutaka

Search repository

Nobayashi, Daiki

WEKO 25154
e-Rad 40632906
Scopus著者ID 24476552900
九工大研究者情報 100000507

	Nobayashi, Daiki

WEKO 19491
e-Rad 50284716
Scopus著者ID 55722538000
ORCiD 0000-0001-9022-0813
九工大研究者情報 81

	Ikenaga, Takeshi

Search repository

抄録

内容記述タイプ

Abstract

内容記述

Some of the most serious threats to network security involve malware. One common way to detect malware-infected machines in a network is by monitoring communications based on blacklists. However, such detection is problematic because (1) no blacklist is completely reliable, and (2) blacklists do not provide the sufficient evidence to allow administrators to determine the validity and accuracy of the detection results. In this paper, we propose a malicious DNS query clustering approach for blacklist-based detection. Unlike conventional classification, our cause-based classification can efficiently analyze malware communications, allowing infected machines in the network to be addressed swiftly.

書誌情報

IEICE Transactions on Information and Systems

巻 E102.D, 号 7, p. 1404-1407, 発行日 2019-07-01

出版者

電子情報通信学会

ISSN

収録物識別子タイプ

ISSN

収録物識別子

1745-1361

ISSN

収録物識別子タイプ

ISSN

収録物識別子

0916-8532

NCID

収録物識別子タイプ

NCID

収録物識別子

AA10826272

DOI

Versions

Ver.1

2023-05-15 14:04:01.433761

Show All versions

Cite as

エクスポート

OAI-PMH

JPCOAR
DublinCore
DDI

Other Formats

JSON
BIBTEX

インデックスリンク

インデックスツリー

アイテム

Clustering Malicious DNS Queries for Blacklist-Based Detection

× Satoh, Akihiro

× Nakamura, Yutaka

× Nobayashi, Daiki

× Sasai, Kazuto

× Kitagata, Gen

× Ikenaga, Takeshi

Versions

Share

Cite as

エクスポート