University of Twente Student Theses

Login

Analysis of malicious domains using active DNS data provided by blacklists

Tolud, R. (2020) Analysis of malicious domains using active DNS data provided by blacklists.

[img] PDF
5MB
Abstract:The domain name service provides us with a number of benign services, which can sometimes also be misused for malicious intent, such as: spreading malware, setting up command and control, distributing spam e-mail, hosting spam and phishing websites these domains are considered bad domains. In order to identify these bad domains, many approaches have been proposed. However, one of the most promising ones is the use of active DNS data, due to the fact that the active DNS data provides a more complete view of the domain space and not just from the individual user level perspective. These bad domains are made available through the use of blacklists. By analyzing active DNS data collected from blacklists we would make a comparison of these bad domains to see if they share any properties which can make for a useful profile or signature. This newly found signature or profile could then be used to assist in identifying unlisted malicious domains using the Open Intel dataset.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Programme:Electrical Engineering MSc (60353)
Link to this item:http://purl.utwente.nl/essays/80740
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page