A4 Refereed article in a conference publication
Investigating the Agility Bias in DNS Graph Mining
Authors: Jukka Ruohonen, Ville Leppänen
Editors: No available
Conference name: IEEE International Conference on Computer and Information Technology
Publication year: 2017
Book title : Proceedings of the 17th IEEE International Conference on Computer and Information Technology CIT 2017
First page : 253
Last page: 260
Number of pages: 8
ISBN: 978-1-5386-0959-0
eISBN: 978-1-5386-0958-3
DOI: https://doi.org/10.1109/CIT.2017.55
Web address : http://ieeexplore.ieee.org/abstract/document/8031482/
Self-archived copy’s web address: https://research.utu.fi/converis/portal/detail/Publication/26902271
The concept of agile domain name system (DNS) refers to dynamic and rapidly changing mappings between domain names and their Internet protocol (IP) addresses. This empirical paper evaluates the bias from this kind of agility for DNS-based graph theoretical data mining applications. By building on two conventional metrics for observing malicious DNS agility, the agility bias is observed by comparing bipartite DNS graphs to different subgraphs from which vertices and edges are removed according to two criteria. According to an empirical experiment with two longitudinal DNS datasets, irrespective of the criterion, the agility bias is observed to be severe particularly regarding the effect of outlying domains hosted and delivered via content delivery networks and cloud computing services. With these observations, the paper contributes to the research domains of cyber security and DNS mining. In a larger context of applied graph mining, the paper further elaborates the practical concerns related to the learning of large and dynamic bipartite graphs.
Downloadable publication This is an electronic reprint of the original article. |  |
