Sciweavers

USS
2010

Building a Dynamic Reputation System for DNS

13 years 10 months ago
Building a Dynamic Reputation System for DNS
The Domain Name System (DNS) is an essential protocol used by both legitimate Internet applications and cyber attacks. For example, botnets rely on DNS to support agile command and control infrastructures. An effective way to disrupt these attacks is to place malicious domains on a "blocklist" (or "blacklist") or to add a filtering rule in a firewall or network intrusion detection system. To evade such security countermeasures, attackers have used DNS agility, e.g., by using new domains daily to evade static blacklists and firewalls. In this paper we propose Notos, a dynamic reputation system for DNS. The premise of this system is that malicious, agile use of DNS has unique characteristics and can be distinguished from legitimate, professionally provisioned DNS services. Notos uses passive DNS query data and analyzes the network and zone features of domains. It builds models of known legitimate domains and malicious domains, and uses these models to compute a reput...
Manos Antonakakis, Roberto Perdisci, David Dagon,
Added 15 Feb 2011
Updated 15 Feb 2011
Type Journal
Year 2010
Where USS
Authors Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee, Nick Feamster
Comments (0)