NORMA eResearch @NCI Library

Identification of malicious domains based on temporal features of X.509 certificates and registrar records

Shaw, Ronan (2023) Identification of malicious domains based on temporal features of X.509 certificates and registrar records. Masters thesis, Dublin, National College of Ireland.


Abstract

Malicious network traffic relies on DNS and TLS to evade detection by appearing legitimate, using techniques such as pairing algorithmically generated domains with legitimately issued X.509 certificates.

The underlying concept of this work is that the time between a domain's registration and the issuance of its TLS certificates can be used to identify whether a domain is malicious, regardless of the specific threat involved. This paper takes several temporal attributes from domain registrar WHOIS records and Certificate Transparency logs, together with a novel certificate wildcard attribute, and engineers features used to train and test multiple models. Groups of feature sets are compared against each other on an intra- and inter-model basis.

This research demonstrates the accuracy (92%) of the engineered features considered, with a very low FPR (0.2%) and F1-scores of 0.92 for prediction of malicious domains and 0.93 for benign domains. Furthermore, it identifies two temporal features which are of high significance and importance. In addition, it establishes the potential contribution of the novel wildcard certificate feature for identifying malicious domains.
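The feature engineering the abstract describes, shown as an added example that is not code from the thesis: registration-to-issuance deltas and a wildcard flag are derived from a constructed WHOIS creation timestamp and constructed CT-log certificate entries per domain (all records, feature names and the hours/days units are assumptions for illustration).

```python
from datetime import datetime, timezone

# Constructed sample records (not the thesis dataset): WHOIS creation time
# plus the certificates observed for the domain in Certificate Transparency logs.
SAMPLE_RECORDS = {
    "shop-example.test": {
        "whois_created": "2021-03-02T10:15:00Z",
        "certs": [
            {"not_before": "2021-03-20T08:00:00Z",
             "sans": ["shop-example.test", "www.shop-example.test"]},
            {"not_before": "2021-06-18T08:00:00Z", "sans": ["shop-example.test"]},
        ],
    },
    "xk3q9v7z.test": {  # DGA-looking name, certificate issued within hours of registration
        "whois_created": "2023-09-14T23:40:00Z",
        "certs": [
            {"not_before": "2023-09-15T01:05:00Z",
             "sans": ["*.xk3q9v7z.test", "xk3q9v7z.test"]},
        ],
    },
    "parked-noname.test": {"whois_created": "2022-01-01T00:00:00Z", "certs": []},
}


def _parse(ts):
    """Parse an ISO-8601 UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def temporal_features(record):
    """Engineer per-domain features: time from WHOIS creation to the first and
    latest certificate, number of certificates, and whether any SAN is a wildcard.
    A domain with no certificates gets None for the two time deltas."""
    created = _parse(record["whois_created"])
    issued = sorted(_parse(c["not_before"]) for c in record["certs"])
    wildcard = any(san.startswith("*.") for c in record["certs"] for san in c["sans"])
    if not issued:
        return {"hours_to_first_cert": None, "days_to_latest_cert": None,
                "cert_count": 0, "wildcard": wildcard}
    # Negative values are possible (certificate predates a re-registration) and are kept.
    hours_first = (issued[0] - created).total_seconds() / 3600
    days_latest = (issued[-1] - created).total_seconds() / 86400
    return {"hours_to_first_cert": round(hours_first, 2),
            "days_to_latest_cert": round(days_latest, 2),
            "cert_count": len(issued), "wildcard": wildcard}


def feature_table(records):
    """Build the feature rows a model would be trained on, keyed by domain."""
    return {domain: temporal_features(rec) for domain, rec in records.items()}
```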

Item Type: Thesis (Masters)
Supervisors: Cosgrave, Noel (email: UNSPECIFIED)
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Z Bibliography. Library Science. Information Resources > ZA Information resources > ZA4150 Computer Network Resources > The Internet > World Wide Web > Websites
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunications > The Internet > World Wide Web > Websites
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Tamara Malone
Date Deposited: 05 Nov 2024 15:38
Last Modified: 05 Nov 2024 15:38
URI: https://norma.ncirl.ie/id/eprint/7151
