Detecting malicious domains using the Splunk machine learning toolkit

Bibliographic Details
Authors: Cersósimo Morales, Michelle Marie; Lara Petitdemange, Adrián
Format: conference paper
Publication Date: 2022
Description: Malicious domains are often hidden amongst benign DNS requests. Given that DNS traffic is generally permitted, blocking malicious requests is a challenge for most network defenses. Using machine learning to classify DNS requests enables a scalable alternative to programmable blocklists. Studies in this field often reduce their dataset scope to a single attack behavior. However, organizations are being hit by a myriad of attack patterns across multiple objectives; reducing the scope means closing the door to classifier operationalization in a real-world environment. In this paper, we propose a broader and more challenging scenario for our dataset by combining the four DNS malicious behaviors (malware, phishing, spam and botnet) with legitimate domain samples. We use Splunk and its Machine Learning Toolkit to create, test and validate our classifier. We extract 12 static features from the domain name and analyze their weight on the prediction. We compare two supervised learning algorithms and measure their accuracy in such a challenging environment. We obtained an accuracy of 88% using the Random Forest algorithm, against 87% for Decision Tree.
Country: Kérwá
Institution: Universidad de Costa Rica
Repository: Kérwá
Language: English
OAI Identifier:oai:kerwa.ucr.ac.cr:10669/101897
Online access: https://hdl.handle.net/10669/101897
https://doi.org/10.1109/NOMS54207.2022.9789899
Keywords: analytical models; machine learning algorithms; phishing; data visualization; feature extraction; prediction algorithms; data models; domain classification; machine learning; traffic classification; security; feature engineering; Splunk; cyber security