Detection of malicious domains via a large scale temporal multipartite network

The CEU Campus
Wednesday, March 13, 2019, 2:00 pm

Security companies such as ESET collect data about suspicious-looking detections and keep information about their source, such as the URL, domain and IP. Many domains or IPs are chronically known for spreading malware, while others are known as clean, whitelisted sources. The aim of this project is to assign each one a probability of being blacklisted using a large-scale temporal multipartite network. We model the reputation problem as a network inference problem: we construct layers of domains, IPs and ASNs, and seed the network with minimal ground-truth information. Then we run a voter model to estimate the marginal probabilities of a domain and an IP being blacklisted. The voter model is seemingly simple and provides decently accurate results.
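A minimal sketch of the approach described above, added here as an illustration and not taken from the talk or from ESET: a voter model on a static domain/IP/ASN graph in which the two seed labels are held fixed and each unlabelled node's time-averaged state is read as its blacklist probability. The graph, node names, update rule and parameters are all constructed assumptions, and the temporal dimension is left out.

```python
import random

# Constructed toy graph: domains resolve to IPs, IPs belong to ASNs.
EDGES = [
    ("dom:bad.example", "ip:192.0.2.10"),
    ("dom:unknown-a.example", "ip:192.0.2.10"),
    ("ip:192.0.2.10", "asn:AS64500"),
    ("ip:198.51.100.20", "asn:AS64500"),
    ("dom:unknown-b.example", "ip:198.51.100.20"),
    ("dom:good.example", "ip:198.51.100.20"),
]
# Minimal ground truth: 1 = blacklisted, 0 = whitelisted. Seeds never change.
SEEDS = {"dom:bad.example": 1, "dom:good.example": 0}


def voter_marginals(edges, seeds, sweeps=40000, burn_in=2000, rng_seed=7):
    """Estimate P(blacklisted) per node as the time-averaged voter state."""
    rng = random.Random(rng_seed)
    nbrs = {}
    for a, b in edges:
        nbrs.setdefault(a, []).append(b)
        nbrs.setdefault(b, []).append(a)
    free = sorted(n for n in nbrs if n not in seeds)
    state = dict(seeds)
    state.update({n: rng.randint(0, 1) for n in free})  # random initial opinions
    ones = dict.fromkeys(free, 0)
    for sweep in range(burn_in + sweeps):
        for _ in free:  # one sweep = len(free) single-node updates
            node = rng.choice(free)
            state[node] = state[rng.choice(nbrs[node])]  # copy a random neighbour
        if sweep >= burn_in:  # sample once per sweep after burn-in
            for n in free:
                ones[n] += state[n]
    return {n: ones[n] / sweeps for n in free}


if __name__ == "__main__":
    ranked = sorted(voter_marginals(EDGES, SEEDS).items(), key=lambda kv: -kv[1])
    for node, p in ranked:
        print(f"{node:28s} {p:.2f}")
```

On this graph the estimates settle near 0.75 for `unknown-a.example`, which shares an IP with the blacklisted seed, and near 0.25 for `unknown-b.example`, matching the probability that a random walk from each node reaches the blacklisted seed before the whitelisted one.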