Abstract
Domain Generation Algorithms (DGAs) have evolved into one of the most dangerous and “undetectable” digital security deception methods. The complexity of this approach, combined with the intricate function of fast-flux “botnet” networks, creates an extremely risky threat that is hard to trace. In most cases it should be treated as a zero-day vulnerability. Combined attacks of this kind are responsible for malware distribution and for the infection of information systems. Moreover, they are related to illegal activities such as money mule recruitment sites, phishing websites, illicit online pharmacies, extreme or illegal adult content sites, malicious browser exploit sites and web traps for distributing viruses. Traditional digital security mechanisms handle such vulnerabilities in a conventional manner: they often raise false alarms and they fail to forecast them. This paper proposes an innovative, fast and accurate evolving Smart URL Filter (eSURLF) in a Zone-based Policy Firewall (ZFW), which uses evolving Spiking Neural Networks (eSNN) to detect algorithmically generated malicious domain names.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Demertzis, K., Iliadis, L. (2015). Evolving Smart URL Filter in a Zone-Based Policy Firewall for Detecting Algorithmically Generated Malicious Domains. In: Gammerman, A., Vovk, V., Papadopoulos, H. (eds) Statistical Learning and Data Sciences. SLDS 2015. Lecture Notes in Computer Science, vol 9047. Springer, Cham. https://doi.org/10.1007/978-3-319-17091-6_17
DOI: https://doi.org/10.1007/978-3-319-17091-6_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17090-9
Online ISBN: 978-3-319-17091-6
eBook Packages: Computer Science (R0)