1 research outputs found
Investigating the Agility Bias in DNS Graph Mining
The concept of agile domain name system (DNS) refers to dynamic and rapidly
changing mappings between domain names and their Internet protocol (IP)
addresses. This empirical paper evaluates the bias from this kind of agility
for DNS-based graph theoretical data mining applications. By building on two
conventional metrics for observing malicious DNS agility, the agility bias is
observed by comparing bipartite DNS graphs to different subgraphs from which
vertices and edges are removed according to two criteria. According to an
empirical experiment with two longitudinal DNS datasets, irrespective of the
criterion, the agility bias is observed to be severe particularly regarding the
effect of outlying domains hosted and delivered via content delivery networks
and cloud computing services. With these observations, the paper contributes to
the research domains of cyber security and DNS mining. In a larger context of
applied graph mining, the paper further elaborates the practical concerns
related to the learning of large and dynamic bipartite graphs.Comment: Proceedings of the 17th IEEE International Conference on Computer and
Information Technology (CIT 2017), pp. 253--260, Helsinki, IEE