Bibliografie

(eng): The common limitation in computer network security is the reactive nature of defenses. A new type of infection typically needs to be first observed live, before defensive measures can be taken. To improve the pro-active measures, we have developed a method utilizing WHOIS database (database of entities that has registered a particular domain) to model relations between domains even those not yet used. The model estimates the probability of a domain name being used for malicious purposes from observed connections to other related domains. The parameters of the model is inferred by a Variational Bayes method, and its effectiveness is demonstrated on a large-scale network data with millions of domains and trillions of connections to them.