Abstract
This short exploratory empirical paper examines a question of how important the Internet protocol (IP) addresses of name servers are in linking together Internet domains that have distributed malware or otherwise having been associated with malicious computer networks. By using the domain name system (DNS) for building a relational representation, the found importance is elaborated with a dataset comprised of nearly sixty thousand domains. Besides the empirical exploration related to these domains, the paper provides a stylized discussion on the construction of empirical DNS graphs, including the concrete reduction and learning of the observed malware graph. With these two deliverables, the paper contributes to the active research field of DNS mining, further pinpointing a number of relevant research challenges for applications of complex network analysis for studying computer networking and cyber security.
| Original language | English |
|---|---|
| Title of host publication | 2016 IEEE 4TH INTERNATIONAL CONFERENCE ON FUTURE INTERNET OF THINGS AND CLOUD WORKSHOPS (FICLOUDW) |
| Editors | M Younas, Awan, J ElHaddad |
| Publisher | IEEE |
| Pages | 264-269 |
| Number of pages | 6 |
| DOIs | |
| Publication status | Published - 22 Aug 2016 |
| Externally published | Yes |
| Publication type | A4 Article in conference proceedings |
| Event | IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW) - Vienna, Austria Duration: 22 Aug 2016 → 24 Aug 2016 |
Conference
| Conference | IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW) |
|---|---|
| Country/Territory | Austria |
| City | Vienna |
| Period | 22/08/16 → 24/08/16 |
Keywords
- cyber security
- fast flux
- labeled network
- NETWORKS