A Survey on Malicious Domains Detection through DNS Data Analysis
Malicious domains are one of the major resources required for adversaries to
run attacks over the Internet. Due to the important role of the Domain Name
System (DNS), extensive research has been conducted to identify malicious
domains based on their unique behavior reflected in different phases of the
life cycle of DNS queries and responses. Existing approaches differ
significantly in terms of intuitions, data analysis methods as well as
evaluation methodologies. This warrants a thorough systematization of the
approaches and a careful review of the advantages and limitations of every
group.
In this paper, we perform such an analysis. In order to achieve this goal, we
present the necessary background knowledge on DNS and malicious activities
leveraging DNS. We describe a general framework of malicious domain detection
techniques using DNS data. Applying this framework, we categorize existing
approaches using several orthogonal viewpoints, namely (1) sources of DNS data
and their enrichment, (2) data analysis methods, and (3) evaluation strategies
and metrics. In each aspect, we discuss the important challenges that the
research community should address in order to fully realize the power of DNS
data analysis to fight against attacks leveraging malicious domains.

Comment: 35 pages, to appear in ACM CSU