Please use this identifier to cite or link to this item: https://idr.l3.nitk.ac.in/jspui/handle/123456789/8453
Title: MalDetect: A Framework to detect Fast Flux Domains
Authors: Mahesh
Chandavarkar, B.R.
Issue Date: 2019
Citation: 2018 IEEE Distributed Computing, VLSI, Electrical Circuits and Robotics, DISCOVER 2018 - Proceedings, 2019, Vol., , pp.141-146
Abstract: Performing passive or active attacks through malware-infected systems (bots) by hiding the identity of an attacker, referred to as fast flux, is one of the common threats in the context of security. With the connectivity of millions of unsecured systems to networks, detecting fast-flux-based attacks is one of the major challenges to the industry. This paper presents a framework which discriminates fast flux domains from Content Distribution Networks (CDN) in real time. The proposed framework embeds features such as DNS query response, geographical location of IP addresses, network distinction and delay to detect fast flux domains. Our model has been evaluated using five different machine learning algorithms, of which the Random Forest (RF) algorithm performed the best, with an F1 score of 0.9915 and a Matthews Correlation Coefficient of 0.9672. We also experimented on the different feature sets individually to identify the best-performing feature set in detecting fast flux domains. We observed that the geographical location-based feature set outperformed the other feature sets with significant accuracy and precision. © 2018 IEEE.
URI: http://idr.nitk.ac.in/jspui/handle/123456789/8453
Appears in Collections: 2. Conference Papers
