University of Twente Student Theses


Analysis of malicious domains using active DNS data provided by blacklists

Tolud, R. (2020) Analysis of malicious domains using active DNS data provided by blacklists.

[img] PDF
Abstract:The domain name service provides us with a number of benign services, which can sometimes also be misused for malicious intent, such as: spreading malware, setting up command and control, distributing spam e-mail, hosting spam and phishing websites these domains are considered bad domains. In order to identify these bad domains, many approaches have been proposed. However, one of the most promising ones is the use of active DNS data, due to the fact that the active DNS data provides a more complete view of the domain space and not just from the individual user level perspective. These bad domains are made available through the use of blacklists. By analyzing active DNS data collected from blacklists we would make a comparison of these bad domains to see if they share any properties which can make for a useful profile or signature. This newly found signature or profile could then be used to assist in identifying unlisted malicious domains using the Open Intel dataset.
Item Type:Essay (Master)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Programme:Electrical Engineering MSc (60353)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page