Detecting malicious domains using the Splunk machine learning toolkit
| Field | Value |
|---|---|
| dc.creator | Cersósimo Morales, Michelle Marie |
| dc.creator | Lara Petitdemange, Adrián |
| dc.date.accessioned | 2025-04-09T16:20:27Z |
| dc.date.issued | 2022-06-09 |
| dc.description.abstract | Malicious domains are often hidden amongst benign DNS requests. Given that DNS traffic is generally permitted, blocking malicious requests is a challenge for most network defenses. Using machine learning to classify DNS requests enables a scalable alternative to programmable blocklists. Studies in this field often reduce their dataset scope to a single attack behavior. However, organizations are being hit by a myriad of attack patterns across multiple objectives; reducing the scope means closing the door to classifier operationalization in a real-world environment. In this paper, we propose a broader and more challenging scenario for our dataset by combining the four malicious DNS behaviors (malware, phishing, spam and botnet) with legitimate domain samples. We use Splunk and its Machine Learning Toolkit to create, test and validate our classifier. We extract 12 static features from the domain name and analyze their weight on the prediction. We compare two supervised learning algorithms and measure their accuracy in such a challenging environment. We obtained 88% accuracy using the Random Forest algorithm, against 87% for Decision Tree. |
| dc.description.procedence | UCR::Vicerrectoría de Investigación::Unidades de Investigación::Ingeniería::Centro de Investigaciones en Tecnologías de Información y Comunicación (CITIC) |
| dc.description.procedence | UCR::Vicerrectoría de Docencia::Ingeniería::Facultad de Ingeniería::Escuela de Ciencias de la Computación e Informática |
| dc.identifier.doi | https://doi.org/10.1109/NOMS54207.2022.9789899 |
| dc.identifier.isbn | 978-1-6654-0602-4 |
| dc.identifier.isbn | 978-1-6654-0601-7 |
| dc.identifier.issn | 2374-9709 |
| dc.identifier.issn | 1542-1201 |
| dc.identifier.uri | https://hdl.handle.net/10669/101897 |
| dc.language.iso | eng |
| dc.rights | embargoed access |
| dc.source | NOMS 2022 - 2022 IEEE/IFIP Network Operations and Management Symposium. Institute of Electrical and Electronics Engineers |
| dc.subject | analytical models |
| dc.subject | machine learning algorithms |
| dc.subject | phishing |
| dc.subject | data visualization |
| dc.subject | feature extraction |
| dc.subject | prediction algorithms |
| dc.subject | data models |
| dc.subject | domain classification |
| dc.subject | machine learning |
| dc.subject | traffic classification |
| dc.subject | security |
| dc.subject | feature engineering |
| dc.subject | Splunk |
| dc.subject | cyber security |
| dc.title | Detecting malicious domains using the Splunk machine learning toolkit |
| dc.type | conference paper |
Files

Original bundle
- Name: Detecting_Malicious_Domains_using_the_Splunk_Machine_Learning_Toolkit (2).pdf
- Size: 1.02 MB
- Format: Adobe Portable Document Format

License bundle
- Name: license.txt
- Size: 3.5 KB
- Format: Item-specific license agreed upon to submission