Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
USS
2010
2010
Building a Dynamic Reputation System for DNS
The Domain Name System (DNS) is an essential protocol used by both legitimate Internet applications and cyber attacks. For example, botnets rely on DNS to support agile command and control infrastructures. An effective way to disrupt these attacks is to place malicious domains on a "blocklist" (or "blacklist") or to add a filtering rule in a firewall or network intrusion detection system. To evade such security countermeasures, attackers have used DNS agility, e.g., by using new domains daily to evade static blacklists and firewalls. In this paper we propose Notos, a dynamic reputation system for DNS. The premise of this system is that malicious, agile use of DNS has unique characteristics and can be distinguished from legitimate, professionally provisioned DNS services. Notos uses passive DNS query data and analyzes the network and zone features of domains. It builds models of known legitimate domains and malicious domains, and uses these models to compute a reput...
Real-time TrafficLegitimate Internet Applications | Malicious Domains | Network Intrusion Detection System | Operating System | USS 2010 |
Related Content
| Added | 15 Feb 2011 |
| Updated | 15 Feb 2011 |
| Type | Journal |
| Year | 2010 |
| Where | USS |
| Authors | Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee, Nick Feamster |
Comments (0)
Researcher Info
|
