Detection of Malicious domains through lexical analysis

Abstract

Malicious domains play an important role for many malicious operations: For example, botnets use them for avoiding hard-coded IP addresses when connecting to command-and-control servers, and they are heavily used by criminals when distributing spam and phishing emails. Being able to identify malicious domains and block the harmful traffic is therefore one of the keys to create a more secure cyber environment. In this paper we demonstrate how the lexical analysis of domain names can contribute to increasing the precision and decreasing the number of false positives when combined with other basic domain features.