Abstract:
We present nDEWS, a Hadoop-based automatic early warning system for malicious domains, intended for domain name registry operators such as top-level domain (TLD) registries. By monitoring an entire DNS zone, nDEWS is able to single out newly added suspicious domains by analyzing both domain registration and global DNS lookup patterns of a TLD. nDEWS is capable of detecting several types of domain abuse, such as malware, phishing, and allegedly fraudulent web shops. To act on this data, we have established a pilot study with two major .nl registrars, and provide them with daily feeds of their respective suspicious domains. Moreover, nDEWS can also be implemented by other TLD operators/registries.
Date of Conference: 25-29 April 2016
Date Added to IEEE Xplore: 04 July 2016
Electronic ISBN: 978-1-5090-0223-8
Electronic ISSN: 2374-9709