University of Twente Student Theses

Early Warning System for Newly Registered Malicious Domains : A Machine Learning and Certificate Transparency Approach

Berenschot, L. (2024) Early Warning System for Newly Registered Malicious Domains : A Machine Learning and Certificate Transparency Approach.

Abstract: Cybercrime is a significant and growing threat, resulting in substantial financial losses annually. The Domain Name System (DNS) is often exploited for malicious activities, such as command and control servers, malware hosting, and phishing campaigns. This research investigates the feasibility of using machine learning in conjunction with Certificate Transparency (CT) logs to detect newly registered malicious domain names. By actively monitoring newly registered domains, we label domains as malicious or benign using blocklists and train a classifier to distinguish between them. Our classifier detects 44% of newly registered malicious domains with a false positive rate of 0.47%. Additionally, our classifier offers customizable precision and recall, allowing for an increase in the detection rate up to 79% at the cost of a higher false positive rate. The classifier can support registries and registrars in identifying potentially harmful domains.
Item Type: Essay (Master)
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)
Link to this item: https://purl.utwente.nl/essays/102379