Flux domains are one of the most active threat vectors, and their behavior keeps changing to evade existing detection measures. To distinguish malicious flux domains from legitimate services with similar behavior, such as content delivery networks (CDN) and network time protocol (NTP) services, a novel time series model is created with a set of features that are not focused solely on domain name system (DNS) time-to-live (TTL) values but also on the loyalty and entropy of DNS resource records. An offline system is built with big data technology to train the model in a semi-supervised mode. In addition, an online platform is designed and developed to support high-throughput, real-time processing of streaming DNS data with advanced analytics technologies. Feature extraction, classification, accuracy and performance are discussed in this paper based on a large amount of real-world DNS data. © 2014 Springer International Publishing Switzerland.
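The following is an added illustration of the feature idea in the abstract, not code from the paper: over constructed passive-DNS observations it computes a mean TTL, the Shannon entropy of the resolved addresses, and a "loyalty" score, and shows why TTL alone cannot separate a flux domain from a CDN. The loyalty definition (share of answers whose address was already observed for that domain) and the thresholds are assumptions made for this example, not the paper's model.

```python
import math
from collections import Counter
from statistics import mean

# Constructed passive-DNS observations: (domain, resolved_ip, ttl_seconds).
# Values are made up for illustration and are not from the paper's dataset.
OBSERVATIONS = [
    # CDN-style host: short TTL, but answers rotate within a small, stable pool.
    *[("cdn.example", ip, 60) for ip in ["198.51.100.10", "198.51.100.11"] * 10],
    # Flux-like host: short TTL and a different, never repeated address per lookup.
    *[("flux.example", f"203.0.113.{i}", 30) for i in range(1, 21)],
    # Plain static host: long TTL, one address.
    *[("static.example", "192.0.2.5", 86400) for _ in range(20)],
]

def shannon_entropy(values):
    """Shannon entropy (bits) of the distribution of resource-record values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def loyalty(values):
    """Assumed definition: fraction of answers whose address had already been
    seen for this domain. A stable pool scores high; constant churn scores ~0."""
    seen, repeats = set(), 0
    for v in values:
        if v in seen:
            repeats += 1
        seen.add(v)
    return repeats / len(values)

def extract_features(observations):
    """Group observations per domain and compute the three feature values."""
    per_domain = {}
    for domain, ip, ttl in observations:
        per_domain.setdefault(domain, []).append((ip, ttl))
    features = {}
    for domain, records in per_domain.items():
        ips = [ip for ip, _ in records]
        features[domain] = {
            "mean_ttl": mean(ttl for _, ttl in records),
            "entropy": shannon_entropy(ips),
            "loyalty": loyalty(ips),
        }
    return features

def is_flux_like(f, max_ttl=300, min_entropy=3.0, max_loyalty=0.2):
    """Illustrative thresholds (assumed): a short TTL alone is not enough, the
    address set must also be high-entropy and low-loyalty; that is what keeps a
    short-TTL CDN out of the flux class."""
    return f["mean_ttl"] <= max_ttl and f["entropy"] >= min_entropy and f["loyalty"] <= max_loyalty
```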
CITATION STYLE
Yu, B., Smith, L., & Threefoot, M. (2014). Semi-supervised time series modeling for real-time flux domain detection on passive dns traffic. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8556 LNAI, pp. 258–271). Springer Verlag. https://doi.org/10.1007/978-3-319-08979-9_20