Finding New Malicious Domains Using Variational Bayes on Large-Scale Computer Network Data

0455622 - ÚTIA 2016 CA eng C - Conference Paper (international conference)
Létal, V. - Pevný, T. - Šmídl, Václav - Somol, Petr
Finding New Malicious Domains Using Variational Bayes on Large-Scale Computer Network Data.
NIPS Workshop: Advances in Approximate Bayesian Inference. Montréal, Canada: NIPS, 2015, s. 1-10.
[NIPS workshop: Advances in Approximate Bayesian Inference. Montreal (CA), 11.12.2015]
Grant - others:GA ČR(CZ) GA15-08916S
Institutional support: RVO:67985556
Keywords : variational bayes * malicious domain detection * large scale network
Subject RIV: BD - Theory of Information
http://library.utia.cas.cz/separaty/2016/AS/smidl-0455622.pdf

The common limitation in computer network security is the reactive nature of defenses. A new type of infection typically needs to be first observed live, before defensive measures can be taken. To improve the pro-active measures, we have developed a method utilizing WHOIS database (database of entities that has registered a particular domain) to model relations between domains even those not yet used. The model estimates the probability of a domain name being used for malicious purposes from observed connections to other related domains. The parameters of the model is inferred by a Variational Bayes method, and its effectiveness is demonstrated on a large-scale network data with millions of domains and trillions of connections to them.
Permanent Link: http://hdl.handle.net/11104/0257094