Litcius/Paper detail

Detection Of Malicious DNS and Web Servers using Graph-Based Approaches

Jinyuan Jia, Zheng Dong, Jie Li, Jack W. Stokes

202112 citationsDOI

Abstract

The DNS hijacking attack represents a significant threat to users. In this type of attack, a malicious DNS server redirects a victim domain to an attacker-controlled web server. Existing defenses are not scalable and have not been widely deployed. In this work, we propose both unsupervised and semi-supervised defenses based on the available knowledge of the defender. Specifically, our unsupervised defense is a graph-based detection approach employing a new variant of the community detection algorithm. When the IP addresses of several compromised DNS servers are available, we also propose a semi-supervised defense for the detection of compromised or malicious web servers which host the web content. We evaluate our defenses on a real-world attack. The experimental results show that our defenses can successfully identify these malicious web servers and/or DNS server IPs. Moreover, we find that a deep learning-based algorithm, i.e., node2vec, outperforms one which employs belief propagation.

Topics & Concepts

ServerComputer scienceScalabilityWeb serverDomain Name SystemRound-robin DNSComputer networkThe InternetComputer securityWorld Wide WebDatabaseNetwork Security and Intrusion DetectionSpam and Phishing DetectionInternet Traffic Analysis and Secure E-voting