Abstract

Detecting malicious activities in cyber systems is a major challenge for cybersecurity service providers. Because of the large volume of network traffic, it is often likened to finding a needle in a haystack. The domain name system (DNS) is one of the fundamental protocols of the internet, and therefore it offers a broad view of those malicious activities that abuse it and leave fingerprints as part of their attack vector. In this collaborative research between Ben-Gurion University and IBM, a significant performance improvement was achieved in detecting malicious domains as compared to state-of-the-art software solutions. Specifically, we establish a novel algorithm to detect malicious domains in large-scale DNS traffic, named Resource-Efficient Malicious Domain Detector (REMaDD), with the following desired properties. First, the algorithm does not require prior knowledge of historical malicious activities in its real-time operation. Second, the development used real live streaming data from The Inter-University Computation Center (IUCC) and operated on a real-time IBM system. The algorithm is highly computationally efficient and satisfies real-time requirements in terms of running time and computational complexity. REMaDD demonstrated strong performance in terms of both detection accuracy and computational efficiency as compared to existing algorithms. Specifically, experimental results in an IBM production environment demonstrated that REMaDD achieved an 89.4% Precision score and an 82.9% Recall score. By contrast, the DomainObserver and LSTM.MI algorithms achieved only 76.7% and 67.2% Precision scores, and 81.7% and 75.3% Recall scores, respectively.

Highlights

  • Nowadays, modern society relies on the internet in many aspects of public services as well as private life

  • We focus on detecting unlimited types of malicious domains, as opposed to type-specific methods

  • Labeling a domain name as malicious or benign may depend on a subjective perspective and can change over time, which makes the labeling phase a tricky task when it comes to malicious domain detection in cyber security research


Introduction

Modern society relies on the internet in many aspects of public services as well as private life. This reliance increases exposure to cyber threats and raises many security challenges with respect to user privacy, integrity, and availability. These challenges have triggered the need to find cyber security solutions to a variety of potential cyber attacks in order to ensure a safe internet environment. The DNS is often abused by cyber criminals to launch different kinds of malicious activities. Since purchasing a domain name is very easy and accessible,

The associate editor coordinating the review of this manuscript and approving it for publication was Yu-Chi Chen.
