基于词法的恶意域名检测方法综述

IF 1.8 4区 计算机科学 Q3 TELECOMMUNICATIONS
Cherifa Hamroun, Ahmed Amamou, Kamel Haddadou, Hayat Haroun, Guy Pujolle
{"title":"基于词法的恶意域名检测方法综述","authors":"Cherifa Hamroun,&nbsp;Ahmed Amamou,&nbsp;Kamel Haddadou,&nbsp;Hayat Haroun,&nbsp;Guy Pujolle","doi":"10.1007/s12243-024-01043-3","DOIUrl":null,"url":null,"abstract":"<div><p>Nowadays, domain names are becoming crucial digital assets for any business. However, the media never stopped reporting phishing and identity theft attacks held by third-party entities that rely on domain names to mislead Internet users. Thus, Palo Alto Networks revealed in their studies 20 largely cyber-squatted domain names targeting popular brands. Based on their behavior, domain names appear in public lists that objectively evaluate their reputation. Blacklists contain domain names that have previously committed suspicious acts, whereas whitelists include the most popular and trustworthy domain names. For a long time, this listing technique has been used as a reactive approach to counter domain name-based attacks. However, it suffers from the limitation of responding late to attacks. Nowadays, techniques tend to be much more proactive. They operate before any attack occurs. As part of the CSNET conference, we published a short paper that describes a plethora of domain name attacks and their associated detection techniques using their lexical features (Hamroun et al. 2022). In this paper, we present an extended version of the original one which discusses the previously mentioned points in more detail and adds some elements of understanding when it comes to malicious domain name detection. Hence, we provide a literature review of malicious domain name detection techniques that use only the lexical features of domain names. These features are available, privacy-preserving, and highly improve detection results. The review covers recent works that report relevant performance categorized according to a new taxonomy. Moreover, we introduce a new criterion for comparing all the existing works based on targeted maliciousness type before discussing the limitations and the newly emerging research directions in this field.</p></div>","PeriodicalId":50761,"journal":{"name":"Annals of Telecommunications","volume":"79 7-8","pages":"457 - 473"},"PeriodicalIF":1.8000,"publicationDate":"2024-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A review on lexical based malicious domain name detection methods\",\"authors\":\"Cherifa Hamroun,&nbsp;Ahmed Amamou,&nbsp;Kamel Haddadou,&nbsp;Hayat Haroun,&nbsp;Guy Pujolle\",\"doi\":\"10.1007/s12243-024-01043-3\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Nowadays, domain names are becoming crucial digital assets for any business. However, the media never stopped reporting phishing and identity theft attacks held by third-party entities that rely on domain names to mislead Internet users. Thus, Palo Alto Networks revealed in their studies 20 largely cyber-squatted domain names targeting popular brands. Based on their behavior, domain names appear in public lists that objectively evaluate their reputation. Blacklists contain domain names that have previously committed suspicious acts, whereas whitelists include the most popular and trustworthy domain names. For a long time, this listing technique has been used as a reactive approach to counter domain name-based attacks. However, it suffers from the limitation of responding late to attacks. Nowadays, techniques tend to be much more proactive. They operate before any attack occurs. As part of the CSNET conference, we published a short paper that describes a plethora of domain name attacks and their associated detection techniques using their lexical features (Hamroun et al. 2022). In this paper, we present an extended version of the original one which discusses the previously mentioned points in more detail and adds some elements of understanding when it comes to malicious domain name detection. Hence, we provide a literature review of malicious domain name detection techniques that use only the lexical features of domain names. These features are available, privacy-preserving, and highly improve detection results. The review covers recent works that report relevant performance categorized according to a new taxonomy. Moreover, we introduce a new criterion for comparing all the existing works based on targeted maliciousness type before discussing the limitations and the newly emerging research directions in this field.</p></div>\",\"PeriodicalId\":50761,\"journal\":{\"name\":\"Annals of Telecommunications\",\"volume\":\"79 7-8\",\"pages\":\"457 - 473\"},\"PeriodicalIF\":1.8000,\"publicationDate\":\"2024-06-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Annals of Telecommunications\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://link.springer.com/article/10.1007/s12243-024-01043-3\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"TELECOMMUNICATIONS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Annals of Telecommunications","FirstCategoryId":"94","ListUrlMain":"https://link.springer.com/article/10.1007/s12243-024-01043-3","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"TELECOMMUNICATIONS","Score":null,"Total":0}
引用次数: 0

摘要

如今,域名已成为任何企业的重要数字资产。然而,媒体从未停止报道第三方实体利用域名误导互联网用户的网络钓鱼和身份盗窃攻击。因此,Palo Alto Networks 在其研究中揭示了 20 个主要针对流行品牌的网络抢注域名。根据其行为,域名会出现在客观评价其声誉的公开名单中。黑名单中包含以前有过可疑行为的域名,而白名单则包括最受欢迎和最值得信赖的域名。长期以来,这种列表技术一直被用作应对域名攻击的被动方法。然而,这种方法存在对攻击反应较晚的局限性。现在的技术更倾向于主动出击。它们在任何攻击发生之前就开始运作。作为 CSNET 会议的一部分,我们发表了一篇短文,介绍了大量域名攻击及其使用词汇特征的相关检测技术(Hamroun 等人,2022 年)。在本文中,我们将对原始论文进行扩展,更详细地讨论之前提到的观点,并在恶意域名检测方面增加一些理解元素。因此,我们对仅使用域名词法特征的恶意域名检测技术进行了文献综述。这些特征是可用的,能保护隐私,并能极大地提高检测结果。该综述涵盖了根据新的分类标准报告相关性能的最新作品。此外,在讨论该领域的局限性和新出现的研究方向之前,我们还介绍了一种新的标准,用于比较所有基于目标恶意类型的现有工作。
本文章由计算机程序翻译,如有差异,请以英文原文为准。

A review on lexical based malicious domain name detection methods

A review on lexical based malicious domain name detection methods

Nowadays, domain names are becoming crucial digital assets for any business. However, the media never stopped reporting phishing and identity theft attacks held by third-party entities that rely on domain names to mislead Internet users. Thus, Palo Alto Networks revealed in their studies 20 largely cyber-squatted domain names targeting popular brands. Based on their behavior, domain names appear in public lists that objectively evaluate their reputation. Blacklists contain domain names that have previously committed suspicious acts, whereas whitelists include the most popular and trustworthy domain names. For a long time, this listing technique has been used as a reactive approach to counter domain name-based attacks. However, it suffers from the limitation of responding late to attacks. Nowadays, techniques tend to be much more proactive. They operate before any attack occurs. As part of the CSNET conference, we published a short paper that describes a plethora of domain name attacks and their associated detection techniques using their lexical features (Hamroun et al. 2022). In this paper, we present an extended version of the original one which discusses the previously mentioned points in more detail and adds some elements of understanding when it comes to malicious domain name detection. Hence, we provide a literature review of malicious domain name detection techniques that use only the lexical features of domain names. These features are available, privacy-preserving, and highly improve detection results. The review covers recent works that report relevant performance categorized according to a new taxonomy. Moreover, we introduce a new criterion for comparing all the existing works based on targeted maliciousness type before discussing the limitations and the newly emerging research directions in this field.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Annals of Telecommunications
Annals of Telecommunications 工程技术-电信学
CiteScore
5.20
自引率
5.30%
发文量
37
审稿时长
4.5 months
期刊介绍: Annals of Telecommunications is an international journal publishing original peer-reviewed papers in the field of telecommunications. It covers all the essential branches of modern telecommunications, ranging from digital communications to communication networks and the internet, to software, protocols and services, uses and economics. This large spectrum of topics accounts for the rapid convergence through telecommunications of the underlying technologies in computers, communications, content management towards the emergence of the information and knowledge society. As a consequence, the Journal provides a medium for exchanging research results and technological achievements accomplished by the European and international scientific community from academia and industry.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信