TY - GEN
T1 - Detection of malicious DNS and web servers using graph-based approaches
AU - Jia, Jinyuan
AU - Dong, Zheng
AU - Li, Jie
AU - Stokesy, Jack W.
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - The DNS hijacking attack represents a significant threat to users. In this type of attack, a malicious DNS server redirects a victim domain to an attacker-controlled web server. Existing defenses are not scalable and have not been widely deployed. In this work, we propose both unsupervised and semi-supervised defenses based on the available knowledge of the defender. Specifically, our unsupervised defense is a graph-based detection approach employing a new variant of the community detection algorithm. When the IP addresses of several compromised DNS servers are available, we also propose a semi-supervised defense for the detection of compromised or malicious web servers which host the web content. We evaluate our defenses on a real-world attack. The experimental results show that our defenses can successfully identify these malicious web servers and/or DNS server IPs. Moreover, we find that a deep learningbased algorithm, i.e., node2vec, outperforms one which employs belief propagation.
AB - The DNS hijacking attack represents a significant threat to users. In this type of attack, a malicious DNS server redirects a victim domain to an attacker-controlled web server. Existing defenses are not scalable and have not been widely deployed. In this work, we propose both unsupervised and semi-supervised defenses based on the available knowledge of the defender. Specifically, our unsupervised defense is a graph-based detection approach employing a new variant of the community detection algorithm. When the IP addresses of several compromised DNS servers are available, we also propose a semi-supervised defense for the detection of compromised or malicious web servers which host the web content. We evaluate our defenses on a real-world attack. The experimental results show that our defenses can successfully identify these malicious web servers and/or DNS server IPs. Moreover, we find that a deep learningbased algorithm, i.e., node2vec, outperforms one which employs belief propagation.
UR - https://www.scopus.com/pages/publications/85115199186
UR - https://www.scopus.com/pages/publications/85115199186#tab=citedBy
U2 - 10.1109/ICASSP39728.2021.9415092
DO - 10.1109/ICASSP39728.2021.9415092
M3 - Conference contribution
AN - SCOPUS:85115199186
T3 - ICASSP, IEEE International Conference on Acoustics, Speech and Signal Processing - Proceedings
SP - 2625
EP - 2629
BT - 2021 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2021 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2021 IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2021
Y2 - 6 June 2021 through 11 June 2021
ER -