Fighting Cybercrime at Domain Names Level: A Comparative Analysis of Tools and Techniques for Identifying Malicious Domain Names
摘要
This study makes a pivotal contribution to cybersecurity research by conducting a comprehensive analysis of global tools and techniques for detecting malicious domain names. Setting itself apart from existing literature, it thoroughly evaluates the strengths and weaknesses of these tools, offering a global viewpoint and underscoring the specific cybersecurity needs of India. At the core of this research is an in-depth examination of the Domain Name System (DNS), a fundamental component of various Internet services, which is frequently exploited in cyber-attacks. We delve into the sophisticated tactics of malicious actors who use domain names for disseminating malware, orchestrating C&C communications, and hosting phishing sites, thereby highlighting the critical role of DNS in these threats. A significant facet of our study is the comparative analysis of widely-used Malicious Domain Detection (MDD) techniques, such as DNS analysis and DNS traffic measurement. This analysis provides an insightful perspective on their benefits and limitations, showcasing the depth of our methodological comparative analysis. Distinctly, this paper proposes an innovative system dedicated to monitoring and detecting malicious ‘.in’ domains. This system is not just a response to the gap in India's cybersecurity defenses but also a strategic approach to combating domain name abuse in the country's ccTLD. It offers a scalable and robust model, potentially adaptable for other regions with similar challenges. This approach is crucial for bolstering cybersecurity in India to provide a template for global cybersecurity enhancements.