Publication details

Finding New Malicious Domains Using Variational Bayes on Large-Scale Computer Network Data

Conference Paper (international conference)

Létal V., Pevný T., Šmídl Václav, Somol Petr

serial: NIPS Workshop: Advances in Approximate Bayesian Inference, p. 1-10

action: NIPS workshop: Advances in Approximate Bayesian Inference, (Montreal, CA, 11.12.2015)

project(s): GA15-08916S, GA ČR

keywords: variational bayes, malicious domain detection, large scale network

abstract (eng):

A common limitation in computer network security is the reactive nature of defenses. A new type of infection typically needs to be first observed live before defensive measures can be taken. To improve proactive measures, we have developed a method utilizing the WHOIS database (a database of entities that have registered a particular domain) to model relations between domains, even those not yet used. The model estimates the probability of a domain name being used for malicious purposes from observed connections to other related domains. The parameters of the model are inferred by a Variational Bayes method, and its effectiveness is demonstrated on large-scale network data with millions of domains and trillions of connections to them.