Malicious websites are a significant current threat to individuals and organisations. Fraudulent activities such as phishing/identity theft and malware distribution are often associated with websites that attempt to fool a user into thinking they are genuine websites, by adopting domain names that are very similar to official sites. Whilst it is possible to compile lists of malicious sites and block them, the process relies on gathering traffic data and/or user reports and can take many weeks. Typically, a malicious domain will be registered, used for a few days at most and then discarded. Hence there is a pressing need for near-instant identification of suspicious new domains. This paper proposes a novel approach based on data-driven fuzzy regular expressions which can be used to segment sets of newly registered domain names. The algorithm is presented, and proof-of-concept results are given, indicating that the method is able to identify groups of suspicious sites. .

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Fuzzy Regular Expressions and Fuzzy Concepts in the Identification of Suspicious Domain Names

  • Trevor Martin

摘要

Malicious websites are a significant current threat to individuals and organisations. Fraudulent activities such as phishing/identity theft and malware distribution are often associated with websites that attempt to fool a user into thinking they are genuine websites, by adopting domain names that are very similar to official sites. Whilst it is possible to compile lists of malicious sites and block them, the process relies on gathering traffic data and/or user reports and can take many weeks. Typically, a malicious domain will be registered, used for a few days at most and then discarded. Hence there is a pressing need for near-instant identification of suspicious new domains. This paper proposes a novel approach based on data-driven fuzzy regular expressions which can be used to segment sets of newly registered domain names. The algorithm is presented, and proof-of-concept results are given, indicating that the method is able to identify groups of suspicious sites. .