Detecting DNS Typo-Squatting Using Ensemble-Based Feature Selection & Classification Models.

The domain name system (DNS) is a crucial component in the current IP-based Internet architecture. However, it suffers from several security vulnerabilities. This is because it does not have proper data integrity and origin authentication mechanisms. This article focuses on the typo-squatting vulnerability (a vulnerability often neglected). Typo-squatting is when attackers register a domain name that is extremely similar to an existing one to redirect users to malicious/suspicious websites. This can lead to information threats, corporate secret leakage, and can facilitate fraud. As an extension to our previous work, this work proposes ensemble-based feature selection and classification models to detect DNS typo-squatting attacks with low complexity. It is shown through experiments that the proposed framework detects the malicious/suspicious typo-squatting domains with high accuracy (above 87%). More specifically, the proposed model only loses between 0.9% and 1.5% in accuracy, 5% in precision (reaching 88%), and around 8% in recall (reaching 93%) while having a lower computational complexity given that the feature set size is reduced by more than 50%. [ABSTRACT FROM AUTHOR]