Collaborative Computing: Networking, Applications and Worksharing. 14th EAI International Conference, CollaborateCom 2018, Shanghai, China, December 1-3, 2018, Proceedings

Research Article

A Stacking Approach to Objectionable-Related Domain Names Identification by Passive DNS Traffic (Short Paper)

Download
99 downloads
  • @INPROCEEDINGS{10.1007/978-3-030-12981-1_20,
        author={Chen Zhao and Yongzheng Zhang and Tianning Zang and Zhizhou Liang and Yipeng Wang},
        title={A Stacking Approach to Objectionable-Related Domain Names Identification by Passive DNS Traffic (Short Paper)},
        proceedings={Collaborative Computing: Networking, Applications and Worksharing. 14th EAI International Conference, CollaborateCom 2018, Shanghai, China, December 1-3, 2018, Proceedings},
        proceedings_a={COLLABORATECOM},
        year={2019},
        month={2},
        keywords={Objectionable-related domain name Traffic analysis Convolutional neural network},
        doi={10.1007/978-3-030-12981-1_20}
    }
    
  • Chen Zhao
    Yongzheng Zhang
    Tianning Zang
    Zhizhou Liang
    Yipeng Wang
    Year: 2019
    A Stacking Approach to Objectionable-Related Domain Names Identification by Passive DNS Traffic (Short Paper)
    COLLABORATECOM
    Springer
    DOI: 10.1007/978-3-030-12981-1_20
Chen Zhao,*, Yongzheng Zhang,*, Tianning Zang,*, Zhizhou Liang, Yipeng Wang,*
    *Contact email: zhaochen@iie.ac.cn, zhangyongzheng@iie.ac.cn, zangtianning@iie.ac.cn, wangyipeng@iie.ac.cn

    Abstract

    Domain name classification is an important issue in the field of cyber security. Notice that objectionable-related domain names are one category of domain names that serve services such as gambling, pornography, etc. They are classified and even forbidden in some areas, some of these domain names may defraud visitors privacy and property. Timely and accurate identification of these domain names is significant for Internet content censorship and users security. In this work, we analyze the behavior of objectionable-related domain names from the real-world DNS traffic, finding that there exist evidently differences between objectionable-related domain names and none-objectionable ones. In this paper, we propose a stacking approach to objectionable-related domain names identification, VisSensor, that automatically extracts name features and latent visiting patterns of domain names from the DNS traffic and distinguishes objectionable-related ones. We integrate convolutional neural networks with fully-connected neural networks to collaborate features of different dimensions and improve experimental results. The accuracy of VisSensor is 88.48% with a false positive rate of . We also compared VisSensor with a public domain name tagging system, and our VisSensor performed better than the tagging system on the identification task of the objectionable-related domain names.