Entry Bilge:2014:EPD from tissec.bib

Last update: Sun Oct 15 02:58:48 MDT 2017

Index sections

Top | Symbols | Numbers | Math | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

BibTeX entry

@Article{Bilge:2014:EPD,
  author =       "Leyla Bilge and Sevil Sen and Davide Balzarotti and
                 Engin Kirda and Christopher Kruegel",
  title =        "{EXPOSURE}: a Passive {DNS} Analysis Service to Detect
                 and Report Malicious Domains",
  journal =      j-TISSEC,
  volume =       "16",
  number =       "4",
  pages =        "14:1--14:??",
  month =        apr,
  year =         "2014",
  CODEN =        "ATISBQ",
  DOI =          "https://doi.org/10.1145/2584679",
  ISSN =         "1094-9224 (print), 1557-7406 (electronic)",
  ISSN-L =       "1094-9224",
  bibdate =      "Mon May 5 18:00:10 MDT 2014",
  bibsource =    "http://portal.acm.org/;
                 http://www.math.utah.edu/pub/tex/bib/tissec.bib",
  abstract =     "A wide range of malicious activities rely on the
                 domain name service (DNS) to manage their large,
                 distributed networks of infected machines. As a
                 consequence, the monitoring and analysis of DNS queries
                 has recently been proposed as one of the most promising
                 techniques to detect and blacklist domains involved in
                 malicious activities (e.g., phishing, spam, botnets
                 command-and-control, etc.). EXPOSURE is a system we
                 designed to detect such domains in real time, by
                 applying 15 unique features grouped in four categories.
                 We conducted a controlled experiment with a large,
                 real-world dataset consisting of billions of DNS
                 requests. The extremely positive results obtained in
                 the tests convinced us to implement our techniques and
                 deploy it as a free, online service. In this article,
                 we present the Exposure system and describe the results
                 and lessons learned from 17 months of its operation.
                 Over this amount of time, the service detected over
                 100K malicious domains. The statistics about the time
                 of usage, number of queries, and target IP addresses of
                 each domain are also published on a daily basis on the
                 service Web page.",
  acknowledgement = ack-nhfb,
  articleno =    "14",
  fjournal =     "ACM Transactions on Information and System Security",
  journal-URL =  "http://portal.acm.org/browse_dl.cfm?idx=J789",
}

Related entries

activity, 2(1)65, 11(4)20, 12(1)4, 12(2)13, 15(4)17, 17(3)12
address, 2(1)65, 2(4)390, 10(2)8, 10(3)12, 11(1)4, 11(2)3, 11(3)12, 12(2)11, 13(3)22, 13(3)26, 13(4)31, 13(4)38, 13(4)40, 14(1)3, 15(1)2, 15(2)6, 15(2)8, 16(3)11, 17(1)1, 17(1)2, 17(1)4, 17(2)8, 17(3)11
amount, 10(4)6, 12(3)16, 12(3)17, 13(4)29, 14(1)12, 16(3)10, 17(3)10, 17(4)15, 18(1)4, 18(4)14
analysis, 1(1)66, 2(1)34, 2(2)138, 2(3)230, 2(3)332, 4(1)1, 6(4)443, 7(2)175, 7(4)489, 8(3)312, 9(3)292, 9(4)391, 10(1)2, 10(3)9, 10(3)10, 10(3)11, 10(4)2, 10(4)6, 11(2)3, 11(3)13, 11(3)15, 11(4)17, 11(4)18, 11(4)23, 12(1)4, 12(2)10, 12(3)16, 13(1)10, 13(3)25, 13(3)26, 13(3)27, 13(4)41, 14(1)6, 14(1)8, 14(1)13, 14(2)15, 14(4)28, 15(3)14, 15(4)17, 15(4)18, 16(1)2, 16(1)4, 16(2)8, 16(3)10, 16(3)11, 16(4)17, 17(1)1, 17(1)4, 17(2)7, 17(3)9, 17(4)14, 18(1)1, 18(1)4, 18(2)6
applying, 16(4)17
article, 10(1)3, 11(1)3, 11(1)4, 11(2)5, 11(3)12, 11(3)14, 11(3)15, 11(3)16, 11(4)20, 11(4)22, 11(4)23, 12(1)1, 12(1)2, 12(1)4, 12(1)6, 12(2)8, 12(2)10, 12(2)13, 12(3)14, 12(3)16, 12(3)17, 12(3)19, 12(4)21, 12(4)22, 13(3)22, 13(3)24, 13(3)25, 13(3)27, 13(3)28, 13(4)29, 13(4)31, 13(4)32, 13(4)34, 13(4)36, 13(4)41, 14(1)2, 14(1)3, 14(1)4, 14(1)10, 14(1)13, 14(1)14, 14(3)23, 14(3)25, 14(4)30, 15(2)9, 15(2)10, 15(3)11, 15(3)12, 15(3)13, 15(4)15, 15(4)16, 15(4)17, 16(1)1, 16(1)4, 16(2)6, 16(2)7, 16(2)8, 16(3)10, 16(4)15, 17(2)8, 17(3)9, 17(3)11, 17(3)12, 17(4)13, 17(4)16, 18(1)3, 18(2)5, 18(2)7, 18(3)9, 18(3)10, 18(3)11, 18(4)12, 18(4)14
basis, 2(1)34, 2(3)295, 10(4)2, 11(4)20, 11(4)22, 12(1)2, 13(3)27, 14(1)8
been, 1(1)93, 2(3)269, 2(3)332, 10(1)2, 10(3)12, 10(4)4, 11(1)2, 11(4)17, 11(4)22, 11(4)23, 12(1)1, 12(1)2, 12(3)17, 13(3)20, 13(3)27, 13(4)36, 13(4)39, 14(1)3, 14(1)13, 14(1)14, 14(3)27, 14(4)28, 15(2)10, 16(3)10, 17(1)3, 17(3)12, 17(4)14, 17(4)15, 17(4)16, 18(2)7, 18(4)14
billions, 16(4)16
blacklist, 16(4)16
category, 15(1)2
conducted, 10(4)4, 14(1)10, 18(4)13, 18(4)14
consequence, 2(2)138, 12(1)2, 14(1)2, 16(2)5, 17(1)2
consisting, 17(4)13, 17(4)15
controlled, 9(4)421, 10(4)3, 12(3)14, 17(3)12
daily, 18(1)1
dataset, 10(1)4, 10(4)4, 12(1)4, 13(4)32, 15(4)15, 15(4)17, 16(2)8, 17(3)12, 18(2)7, 18(4)12, 18(4)14
deploy, 16(3)12
describe, 1(1)66, 2(1)3, 2(1)34, 2(1)105, 2(2)159, 2(2)177, 2(3)230, 2(4)354, 2(4)390, 7(2)319, 10(4)3, 11(4)21, 12(1)1, 12(2)11, 12(3)16, 12(4)21, 13(4)30, 13(4)34, 14(3)24, 14(3)27, 15(3)11, 15(3)13, 16(3)10, 16(3)12, 17(2)5, 18(2)8
designed, 2(4)416, 10(3)10, 10(3)11, 10(3)12, 11(1)2, 11(3)12, 12(4)21, 12(4)22, 13(3)25, 13(4)38, 16(2)5, 16(2)8, 16(3)9, 16(3)10, 17(4)13, 18(1)3
detect, 2(3)295, 10(4)6, 11(3)14, 11(3)15, 12(2)10, 12(2)11, 12(2)13, 12(3)19, 14(1)13, 15(2)6, 16(2)5, 17(4)16, 18(2)7, 18(3)9
detected, 11(2)5, 13(4)30
distributed, 2(1)34, 2(1)105, 2(2)159, 2(3)332, 4(2)103, 4(4)407, 6(1)128, 8(1)41, 9(1)1, 9(4)421, 10(2)7, 11(1)3, 11(1)4, 11(2)1, 11(3)14, 12(1)1, 12(1)2, 12(2)8, 12(2)12, 13(2)16, 13(3)25, 14(1)3, 14(1)12, 14(3)27, 14(4)31, 15(2)6, 15(3)13, 16(4)15, 17(4)13, 18(1)2, 18(2)6
DNS, 15(2)6
domain, 2(3)295, 14(1)9, 14(4)31, 16(4)15, 16(4)17, 17(2)5, 17(2)7, 18(2)6, 18(2)8
e.g., 1(1)66, 2(2)177, 2(3)230, 2(4)354, 2(4)390, 10(4)1, 11(4)22, 12(1)1, 12(2)10, 12(2)12, 14(1)2, 15(2)6, 16(2)7, 17(1)1, 17(3)12, 17(4)15, 18(3)9
each, 2(1)65, 2(2)138, 2(4)390, 9(4)421, 9(4)461, 10(1)4, 10(2)8, 10(3)10, 10(3)12, 11(3)14, 11(4)18, 11(4)23, 12(1)6, 12(2)8, 12(2)10, 12(3)18, 12(4)20, 13(1)10, 13(4)29, 13(4)34, 14(3)25, 14(3)26, 14(3)27, 14(4)32, 15(1)2, 15(2)6, 16(4)17, 17(2)8, 17(3)10, 17(3)12, 17(4)13, 18(1)4
etc., 1(1)66, 15(2)7, 17(3)12
experiment, 10(4)1, 10(4)4, 11(2)5, 11(3)12, 11(4)22, 12(2)13, 13(3)28, 15(4)15, 16(2)6, 16(3)10, 16(3)11, 17(3)12, 17(4)15, 18(3)11
exposure, 7(2)319, 8(1)119
extremely, 11(2)2, 11(3)15, 12(4)21
feature, 2(1)34, 2(2)177, 2(3)295, 3(4)227, 10(1)2, 10(3)12, 11(4)22, 13(3)24, 13(4)32, 13(4)35, 13(4)41, 16(2)5, 16(2)7, 16(4)13, 17(3)10, 17(4)16, 18(2)5, 18(3)11
four, 14(1)9, 15(3)12
free, 8(3)312, 9(4)461
has, 1(1)93, 2(1)105, 2(2)138, 2(3)230, 2(3)269, 2(3)332, 9(4)391, 10(1)3, 10(1)4, 10(3)10, 11(1)2, 11(2)2, 11(3)14, 11(4)17, 11(4)19, 11(4)22, 11(4)23, 12(1)2, 12(2)9, 12(2)10, 12(3)15, 12(4)22, 13(3)20, 13(3)25, 13(3)26, 13(3)27, 13(3)28, 13(4)36, 14(1)3, 14(1)12, 14(1)14, 14(3)26, 14(4)28, 15(1)2, 15(2)6, 15(2)10, 15(3)12, 16(2)8, 17(1)2, 17(1)3, 17(3)9, 17(3)11, 17(4)14, 17(4)15, 17(4)16, 18(2)7, 18(3)11, 18(4)14
implement, 2(2)177, 9(4)461, 11(1)3, 11(3)14, 11(3)16, 12(1)4, 12(2)13, 14(1)6, 14(1)10, 14(3)24, 14(4)31, 15(2)6, 16(2)6, 16(2)8, 16(3)10, 17(2)6, 17(3)10
involved, 2(4)416, 9(4)421, 10(1)4, 13(4)32
IP, 5(2)119, 10(3)9, 10(3)11, 12(4)22, 13(4)35, 15(2)6, 15(4)16
Kruegel, Christopher, 9(1)61
large, 1(1)66, 2(1)65, 9(4)391, 11(1)4, 11(3)15, 12(2)13, 13(4)32, 14(1)12, 14(1)13, 14(3)25, 15(1)4, 15(3)14, 15(4)15, 16(2)8, 17(3)10, 17(3)11, 18(4)14
machine, 2(2)159, 2(2)177, 2(3)230, 2(3)295, 12(2)12, 14(1)6, 14(1)10, 14(2)18, 14(2)21, 15(2)9, 15(3)12, 16(2)7, 16(3)9, 16(4)13, 17(2)8, 18(2)6, 18(3)11
malicious, 2(2)177, 2(3)295, 10(3)11, 10(4)6, 11(2)2, 11(3)13, 11(3)14, 11(3)15, 11(4)22, 11(4)23, 12(2)12, 12(3)14, 14(1)13, 15(1)2, 15(4)17, 16(2)6, 16(3)12, 16(4)13, 17(3)10, 17(3)12, 17(4)13, 18(2)5
manage, 2(1)105, 2(3)269, 15(2)6
monitoring, 11(2)2, 12(2)13, 12(3)19, 13(2)12, 13(4)38, 14(1)13, 15(2)10, 16(1)3, 16(2)7
most, 2(3)332, 9(4)391, 11(2)2, 11(3)12, 11(4)22, 12(2)8, 12(2)12, 12(3)14, 12(4)21, 13(1)10, 13(3)27, 13(4)30, 14(3)27, 15(1)5, 15(2)6, 15(4)15, 15(4)18, 16(1)4, 16(2)6, 16(4)13, 17(3)11, 17(3)12, 17(4)16, 18(1)1
name, 10(1)2
number, 7(2)319, 9(2)181, 10(1)4, 10(2)5, 10(3)11, 10(3)12, 10(4)5, 11(1)2, 11(2)5, 11(3)12, 11(3)14, 11(3)15, 12(1)1, 12(1)2, 12(1)5, 12(1)6, 12(2)8, 12(2)9, 12(2)13, 12(3)16, 12(3)18, 12(4)21, 13(1)10, 13(3)20, 13(3)22, 13(3)25, 13(4)32, 13(4)34, 14(1)11, 14(3)26, 14(4)31, 15(1)4, 15(2)7, 15(2)8, 15(4)15, 16(1)4, 16(2)7, 16(4)16, 17(3)10, 17(4)16, 18(2)8
obtained, 1(1)26, 10(1)2, 10(1)4, 10(2)8, 11(3)13, 12(2)8, 12(3)18, 14(1)14, 18(4)12
one, 1(1)26, 1(1)93, 2(1)3, 2(1)65, 2(3)295, 9(4)461, 10(1)2, 10(2)5, 10(2)8, 10(3)12, 10(4)3, 11(2)6, 11(3)14, 12(1)1, 12(1)5, 12(2)13, 12(3)14, 13(3)21, 13(3)25, 13(3)26, 13(3)27, 13(4)41, 14(1)3, 14(1)5, 14(4)30, 14(4)32, 15(2)10, 15(3)11, 15(4)16, 15(4)18, 16(1)3, 16(1)4, 16(3)9, 17(2)8, 17(4)13, 18(1)1, 18(3)11, 18(4)13
online, 1(1)3, 9(3)235, 11(2)5, 11(4)19, 12(2)13, 12(4)22, 13(4)41, 14(1)11, 14(4)32, 15(2)9, 16(2)7, 17(4)14, 18(1)1, 18(4)13
operation, 1(1)93, 2(4)416, 6(3)365, 9(4)421, 10(3)11, 11(4)20, 11(4)23, 12(2)10, 12(3)14, 12(3)18, 13(1)9, 13(1)10, 14(1)13, 14(4)31, 16(3)12, 18(1)2
passive, 15(1)5
phishing, 14(2)21, 16(4)13, 16(4)16
positive, 10(3)9
present, 1(1)26, 2(1)3, 2(1)65, 2(2)177, 2(3)230, 2(3)269, 2(3)295, 2(4)354, 7(2)319, 9(2)181, 9(4)461, 10(1)2, 10(2)7, 10(3)10, 10(3)11, 10(3)12, 10(4)2, 10(4)3, 11(1)2, 11(1)4, 11(2)2, 11(2)5, 11(3)14, 11(4)22, 12(1)2, 12(1)4, 12(2)10, 12(2)11, 12(3)14, 12(3)15, 12(3)16, 12(3)17, 12(4)22, 13(1)10, 13(3)20, 13(3)22, 13(3)25, 13(3)28, 13(4)29, 13(4)41, 14(1)4, 14(1)5, 14(1)6, 15(1)2, 15(2)6, 15(2)8, 15(2)10, 15(3)12, 15(3)13, 15(4)16, 15(4)18, 16(2)6, 16(2)7, 16(4)13, 17(1)4, 17(2)6, 17(2)7, 17(2)8, 17(3)9, 17(3)12, 17(4)14, 17(4)15, 17(4)16, 18(1)3, 18(1)4, 18(2)7, 18(3)9, 18(3)10, 18(3)11, 18(4)12, 18(4)14
promising, 10(3)12, 11(1)2, 18(4)13
proposed, 1(1)93, 2(2)138, 2(3)269, 2(4)416, 4(3)224, 9(2)162, 9(4)421, 10(1)2, 10(3)12, 10(4)4, 11(1)2, 11(1)3, 11(2)5, 11(3)14, 11(4)22, 11(4)23, 12(1)2, 12(1)3, 12(3)18, 12(4)21, 13(3)20, 13(3)27, 13(3)28, 13(4)36, 13(4)38, 13(4)39, 14(3)24, 14(3)27, 15(1)5, 15(3)11, 15(3)13, 15(4)15, 15(4)17, 16(3)10, 16(3)11, 16(4)16, 17(1)3, 17(4)14, 18(3)11
published, 13(1)10
query, 9(4)391, 10(1)3, 11(2)5, 12(3)16, 13(3)22, 13(3)28, 13(4)32, 16(3)12, 17(2)7
range, 2(1)65, 11(2)5, 12(3)14, 16(4)17, 17(3)10
real, 10(1)2, 10(4)1, 10(4)4, 11(2)3, 11(3)16, 11(4)17, 12(2)10, 12(2)11, 12(2)13, 13(4)30, 14(4)30, 16(3)10, 16(4)17, 17(4)16, 18(1)3, 18(3)9, 18(4)12
real-world, 2(2)159, 14(1)10, 15(4)15, 16(4)16, 18(2)7
recently, 2(4)416, 9(2)181, 13(3)26, 13(3)28, 13(4)37, 14(3)27, 15(1)2, 15(2)7, 16(3)10, 16(4)17, 17(4)14, 17(4)16, 18(1)1
rely, 10(4)3, 10(4)6, 11(2)6, 12(1)3, 13(4)38, 14(1)9, 15(1)3, 16(1)1, 16(4)13, 18(1)2
report, 10(1)4, 10(4)4, 13(3)24, 16(1)1, 17(2)5
request, 1(1)66, 10(1)3, 11(2)3, 13(3)20, 14(1)2, 14(1)8, 14(1)9, 16(4)13, 16(4)17, 17(1)2
result, 1(1)3, 1(1)26, 2(3)230, 2(4)390, 9(2)162, 10(1)3, 10(1)4, 10(2)5, 10(2)6, 10(3)9, 10(3)11, 10(4)2, 10(4)5, 11(2)3, 11(2)5, 11(3)13, 11(3)15, 11(4)18, 11(4)20, 11(4)21, 11(4)22, 12(1)4, 12(2)9, 12(3)14, 12(3)17, 13(1)10, 13(3)22, 13(3)24, 13(3)25, 13(4)33, 13(4)35, 14(1)2, 14(1)14, 14(2)19, 15(1)5, 15(2)7, 15(2)8, 15(3)12, 15(3)13, 15(3)14, 15(4)15, 16(1)2, 16(1)3, 16(2)5, 16(2)6, 16(2)7, 16(3)10, 16(3)11, 16(4)17, 17(2)7, 17(3)9, 17(3)10, 17(3)12, 17(4)14, 18(1)4, 18(2)5, 18(2)6, 18(3)9, 18(3)11, 18(4)12, 18(4)13
service, 2(4)354, 4(4)453, 6(4)472, 10(1)2, 10(2)8, 10(3)11, 10(4)4, 10(4)6, 11(1)2, 11(1)4, 11(3)15, 11(4)19, 12(2)12, 12(3)16, 13(4)38, 13(4)39, 13(4)41, 14(1)5, 14(3)23, 15(2)6, 15(3)12, 15(3)13, 16(2)5, 16(2)6, 16(3)11, 16(3)12, 17(4)13, 17(4)15, 18(1)1, 18(1)2, 18(4)12, 18(4)13
spam, 12(2)13
statistics, 11(4)19, 14(3)26
target, 2(4)416, 11(4)23, 13(3)20, 13(3)28, 13(4)35, 15(2)10, 15(4)17, 17(4)13, 17(4)16
technique, 1(1)3, 2(2)138, 2(3)230, 2(3)295, 2(4)416, 7(2)274, 9(4)391, 9(4)461, 10(2)6, 10(3)9, 10(4)6, 11(2)2, 11(3)12, 11(3)16, 11(4)17, 11(4)18, 11(4)22, 12(1)4, 12(2)11, 12(2)13, 12(3)16, 12(3)18, 13(3)22, 13(3)25, 13(3)28, 13(4)32, 13(4)33, 13(4)35, 13(4)36, 13(4)39, 14(1)3, 14(1)5, 14(1)6, 14(1)13, 14(3)24, 14(4)32, 15(1)2, 15(1)5, 15(2)7, 15(2)8, 15(3)12, 15(4)17, 15(4)18, 16(1)2, 16(2)6, 16(2)7, 16(3)11, 16(4)13, 17(3)9, 17(3)12, 17(4)16, 18(1)2, 18(2)6, 18(3)11
test, 11(4)19, 12(2)10, 12(2)13, 16(2)8
time, 2(1)105, 2(3)332, 2(4)390, 2(4)416, 9(4)461, 10(1)3, 10(2)8, 11(2)3, 11(2)4, 11(2)5, 11(3)13, 11(4)17, 11(4)20, 11(4)21, 11(4)23, 12(2)8, 12(3)17, 12(3)18, 12(3)19, 12(4)20, 12(4)21, 12(4)22, 13(4)37, 13(4)39, 14(1)2, 14(1)11, 14(1)14, 14(3)26, 14(4)31, 15(2)7, 15(3)12, 15(4)17, 16(1)4, 16(4)13, 16(4)17, 17(3)9, 17(3)10, 17(3)11, 17(4)13, 18(1)2, 18(1)4, 18(3)10
unique, 10(4)3, 11(3)12, 12(3)16, 15(3)12, 17(4)16, 18(2)7, 18(3)11
usage, 7(1)128, 8(4)351, 11(1)3
web, 1(1)66, 2(1)34, 2(4)390, 4(1)37, 10(2)8, 10(3)12, 11(1)4, 11(2)3, 11(3)15, 12(2)12, 12(3)17, 13(4)39, 14(2)21, 14(3)26, 16(4)13, 16(4)16, 18(1)1
wide, 11(4)19, 12(3)14, 13(3)21, 14(1)10, 15(1)2, 15(4)15, 16(2)5, 16(2)7, 16(4)17, 17(4)16
world, real-, 2(2)159, 14(1)10, 15(4)15, 16(4)16, 18(2)7