2021 IEEE International Conference on Acoustics, Speech and Signal Processing
6-11 June 2021 • Toronto, Ontario, Canada
Extracting Knowledge from Information
| Paper ID | IFS-5.5 | ||
| Paper Title | DETECTION OF MALICIOUS DNS AND WEB SERVERS USING GRAPH-BASED APPROACHES | ||
| Authors | Jinyuan Jia, Duke University, United States; Zheng Dong, Jie Li, Microsoft Corporation, United States; Jack W. Stokes, Microsoft Research, United States | ||
| Session | IFS-5: Privacy and Information Security | ||
| Location | Gather.Town | ||
| Session Time: | Thursday, 10 June, 15:30 - 16:15 | ||
| Presentation Time: | Thursday, 10 June, 15:30 - 16:15 | ||
| Presentation | Poster | ||
| Topic | Information Forensics and Security: [CYB] Cybersecurity | ||
| IEEE Xplore Open Preview | Click here to view in IEEE Xplore | ||
| Abstract | The DNS hijacking attack represents a significant threat to users. In this type of attack, a malicious DNS server redirects a victim domain to an attacker-controlled web server. Existing defenses are not scalable and have not been widely deployed. In this work, we propose both unsupervised and semi-supervised defenses based on the available knowledge of the defender. Specifically, our unsupervised defense is a graph-based detection approach employing a new variant of the community detection algorithm. When the IP addresses of several compromised DNS servers are available, we also propose a semi-supervised defense for the detection of compromised or malicious web servers which host the web content. We evaluate our defenses on a real-world attack. The experimental results show that our defenses can successfully identify these malicious web servers and/or DNS server IPs. Moreover, we find that a deep learning-based algorithm, i.e., node2vec, outperforms one which employs belief propagation. | ||