Analysis of similarities in malicious domain names

Krzysztof Lasota, Adam Kozakiewicz


The paper presents research results on similarities in the structure of malicious domain names. The purpose of the research was to verify the following thesis: among malicious domain names, the similarities in structure are significantly different from the similarities in structure among benign domain names.


malicious domains; heuristic detection methods; phishing detection


