Publisher : International Journal of Applied Engineering Research
Campus : Coimbatore
Center : TIFAC CORE in Cyber Security
Year : 2015
Abstract : The Domain Name Service (DNS) is a distributed database responsible for mapping between host names and IP addresses. Recently, attackers have relied heavily on domain names to perform various malicious activities, such as managing botnets that are used to carry out a large number of attacks. As a result, there have been many proposals that analyze DNS queries and responses to detect malicious domains and blacklist the domain names involved in malicious activities. Our proposal is a scoring-based system to detect domain names that are malicious in nature. A large number of DNS queries and responses were collected and analyzed in order to find features that can distinguish malicious domains. Our system makes use of page ranking, SSL rating and various domain-name-based features to score the domains. Domains are given a score on a scale of 0 to 10, where a low score implies a high level of malicious activity and a high score implies a benign domain. © Research India Publications.